This is not a new vulnerability but was covered on Bugtraq in September by jelmer and Liu Die Yu. Jelmer highlighted the Media Bar Ressource Injection vulnerability in his exploit published on September 11, 2003 at http://securityfocus.com/archive/1/337285 Which followed Liu Die Yus post on September 10 about a Search Pane Injection vulnerability at http://www.securityfocus.com/archive/1/336931 However, both failed to elaborate that the _media and _search injections are possible through not only the FILE protocol but also the HTTP protocol. Your proof-of-concept is a good demonstration on how to extend these 2 related vulnerabilities to also cover arbitrary webpages such as Google or Passport. Regards Thor Larholm Senior Security Researcher PivX Solutions 24 Corporate Plaza #180 Newport Beach, CA 92660 http://www.pivx.com thor@pivx.com Phone: +1 (949) 231-8496 PGP: 0x5A276569 6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569 PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of Qwik-Fix <http://www.qwik-fix.net> -----Original Message----- From: Cheng Peng Su [mailto:apple_soup@msn.com] Sent: Wednesday, March 03, 2004 4:47 AM To: bugtraq@securityfocus.com Subject: New Internet Explorer Cross Zone/Site Scripting Vulnerability Snip http://www.securityfocus.com/archive/1/356083/2004-02-29/2004-03-06/0
