RE: MSIE:"SaveRef" turns Zone off

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: <bugtraq@securityfocus.com>, "Die Yu Liu" <liudieyuinchina@yahoo.com.cn>
Subject: RE: MSIE:"SaveRef" turns Zone off
From: "Thor Larholm" <thor@pivx.com>
Date: Wed, 2 Oct 2002 14:06:58 +0200

This also works in IE5.5 as well.

Besides reading cookies from arbitrary sites, this vulnerability also allows
local file reading and execution - when combined with the OBJECT
crossprotocol redirection vulnerability.

http://jscript.dk/2002/10/sec/SaveRefLocalFile.html




Regards
Thor Larholm, Security Researcher
PivX Solutions, LLC

Are You Secure?
http://www.PivX.com

Prev by Date: [security bulletin] SSRT2371 HP OpenVMS Potential POP server localvulnerability (fwd)
Next by Date: Apache 2 Cross-Site Scripting
Previous by thread: MSIE:"SaveRef" turns Zone off
Next by thread: [security bulletin] SSRT2371 HP OpenVMS Potential POP server localvulnerability (fwd)
Index(es):
- Date
- Thread

[Index of Archives] [Linux Security] [Netfilter] [PHP] [Yosemite News] [Linux Kernel]

Powered by Linux