Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: IE5.5 window.externalNavigateAndFind security vulnerability.. ..
From: Clover Andrew <aclover () 1VALUE COM>
Date: Mon, 2 Oct 2000 10:13:56 +0200
Multiple security vulnerabilities found in
window.external.NavigateAndFind function in IE5.5...


Verified on IE5.00. Will probably also work on IE4.
(Though the on-line exploit for "vulnerability 3" is
slightly broken in that it tries to open the relative
URL "code.txt" instead of an absolute, local path.)

These are all really the same vulnerability, of course:
that javascript: URLs are incorrectly executed in the
security context of the previous document. MS patched
around previous incarnations of this but seem to have
missed NavigateAndFind. Very poor, but you can't help
thinking that javascript: URLs were a stupid idea in
the first place.

--
Andrew Clover
Technical Support
1VALUE.com AG

  By Date           By Thread  

Current thread:
  • Re: IE5.5 window.externalNavigateAndFind security vulnerability.. .. Clover Andrew (Oct 02)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]