Bugtraq: RE: MSIE:"SaveRef" turns Zone off

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

RE: MSIE:"SaveRef" turns Zone off

From: "Thor Larholm" <thor () pivx com>
Date: Wed, 2 Oct 2002 14:06:58 +0200

This also works in IE5.5 as well.

Besides reading cookies from arbitrary sites, this vulnerability also allows
local file reading and execution - when combined with the OBJECT
crossprotocol redirection vulnerability.

http://jscript.dk/2002/10/sec/SaveRefLocalFile.html




Regards
Thor Larholm, Security Researcher
PivX Solutions, LLC

Are You Secure?
http://www.PivX.com

By Date By Thread

Current thread:

MSIE:"SaveRef" turns Zone off Liu Die Yu (Oct 01)
- <Possible follow-ups>
- RE: MSIE:"SaveRef" turns Zone off Thor Larholm (Oct 02)