| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: lise_moorveld at hotmail.com (Lise Moorveld) Subject: Yet another reason not to use IE! Old news? Hi, >Just visited a well known site (Wired.com) and had a nice little piece of >code cause the page that I was reading to go blank – DNS error page. >Here’s the offending code (parentheses instead of slashes to not cause AV >scanning issues) and thank God I wasn’t using XP: > >ms-its:c:((windows(Help(iexplore.chm::)iegetsrt.htm Correct me if I'm wrong, but the only thing this bit of code does is open a local file taken from a local CHM file. Jelmer mentioned this bit of code in his recent analysis: http://62.131.86.111/analysis.htm Apparently, the trick is that it is opened in the Local Computer Zone and that, if you know a cross-zone scripting vulnerability, you can inject malicious scripting code into the local file and have it executed in the security context of the Local Computer Zone. So what would be really interesting is finding the code in the banner that performs the cross-zone scripting. Also, in the analysis of Jelmer, the local file is opened using the Location: header. I'm not sure what it means if a banner can alter headers? Would it mean the banner server is compromised? Any ideas anyone? -- Lise _________________________________________________________________ Hotmail en Messenger on the move http://www.msn.nl/communicatie/smsdiensten/hotmailsmsv2/
Powered by blists - more mailing lists