Bugtraq: Re: BrownOrifice can break firewalls! NOW MSIE

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: BrownOrifice can break firewalls! NOW MSIE

From: Alexey Yarovinsky <ayarovin () OLTRES COM>
Date: Sun, 20 Aug 2000 10:55:59 +0300

Hi,

The same security hole, exists in MSIE too, with one restriction: url can't
start with file:. But still the applet from outside site, can access you
intranet servers including ftps and ALL sites you have access to. The
demonstration of the bug is here:

http://www.oltres.com/ms-bug/

Thanx, Alexey.

PS: The applet was tested on WinNT 4.0sp5 with Internet Explorer both 5 and 5.5
versions.

By Date By Thread

Current thread:

BrownOrifice can break firewalls! Greulich, Andreas (Aug 10)
- Re: BrownOrifice can break firewalls! TAKAGI, Hiromitsu (Aug 14)
  - Re: BrownOrifice can break firewalls! Alexey Yarovinsky (Aug 17)
  - JDK 1.1.x Listening Socket Vulnerability (was Re: BrownOrifice can break firewalls!) TAKAGI, Hiromitsu (Aug 18)
  - Re: BrownOrifice can break firewalls! TAKAGI, Hiromitsu (Aug 25)
- Re: BrownOrifice can break firewalls! NOW MSIE Alexey Yarovinsky (Aug 21)
  - Re: BrownOrifice can break firewalls! NOW MSIE TAKAGI, Hiromitsu (Aug 23)