mailing list archives
Sandblad's IE vulnerabilities
From: "Lise Moorveld" <lise_moorveld () hotmail com>
Date: Fri, 18 Feb 2005 14:27:28 +0100
Did you guys spot this? Three vulnerabilities in IE that lead to remote code
execution when combined. Discovered by Andreas Sandblad, apparently fixed by
the latest cumulative IE patch (MS05-014), but not confirmed by MS.
I do miss his personal advisories, with the cute ascii-figure in his .sig:
o' \,=./ `o
---ooO--(_)--Ooo--- (c) Sandblad
But above all, I miss the detailed description... the patches are out, I
should hope everybody installed them by now, so where is the meat?
What do you guys make from it?
"A parsing error in the "codebase" attribut of the "object" tag.
This can be exploited to execute local files with any file extension
from the "Local Computer Zone" by appending "?.exe"."
Would this be limited to binary files, or would one be able to parse an HTML
its related to the codebase vulnerabilities reported some time ago...
MSN Search, for accurate results! http://search.msn.nl
Full-Disclosure - We believe in it.
- Sandblad's IE vulnerabilities Lise Moorveld (Feb 19)