Open Source and information security mailing list archives
Message-ID: <20030617183242.4637de89.matt.moore@pentest-limited.com>
Date: Tue, 17 Jun 2003 18:32:42 +0000
From: Matt Moore <matt.moore@...test-limited.com>
To: bugtraq@...urityfocus.com
Subject: Re: Cross-Site Scripting in Unparsable XML Files (GM#013-IE)


Hello,

On Tue, 17 Jun 2003 10:09:51 "GMT"
GreyMagic Software <security@...ymagic.com> wrote:

> GreyMagic Security Advisory GM#013-IE
> =====================================
> 
...
> 
> Topic: Cross-Site Scripting in Unparsable XML Files.
> 
> Discovery date: 18 Feb 2003.

I also reported this to Microsoft - sometime around May or June 2002. In the exchange of emails I had with them, they confirmed that it was indeed due to the MSXML parser. I'd tested the flaw on IE 5 and 5.5 (Win2k). I do remember that MS said they would fix it in a service pack - although they didn't specify whether it was an IE service pack or Win2k (one would assume Win2k as MSXML isn't a part of IE? Not sure about that).

Several Application Server default installs leave files visible which can be used to exploit this bug (e.g. Oracle 9iAS 9.0.2 has several .dtd files visible which can be used to cause the MSXML parser to generate the error page).

I copied Steve Christey at Mitre on a couple of the emails to MS so this may already have a CAN entry. (Hello Steve)

Over the course of at least four months I exchanged several emails with someone called 'Terry' from the MS Security Response Centre. However, I never got any definitive answer as to whether the problem was fixed or not. 

Obviously not.

regards,

Matt

--
Matt Moore <matt.moore (at) pentest-limited.com>
E073 2975 0D69 B250 C225
A03E 30A8 AE27 A4F7 2A8A
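The post notes that default installs can leave .dtd and other non-well-formed XML files reachable, which is what feeds the MSXML error page. The following is an added defender's inventory check, not code from the post or from any vendor: it walks a web root and lists every XML-like file that an XML parser rejects. It assumes files under the root are served as-is and that the browser picks its XML parser by file extension; the sample files are constructed.

```python
import os
import tempfile
import xml.parsers.expat

# Added example, not from the original post. Assumption: every file under
# the web root is served as-is and a browser picks its XML parser by extension.
# A .dtd alone is never a well-formed XML document, which is why the post's
# Oracle 9iAS example always reaches the parser's error page.
XML_LIKE_EXTENSIONS = {".xml", ".dtd", ".xsl", ".xslt", ".xsd"}

def is_well_formed(data: bytes) -> bool:
    """Return True if data parses as a single well-formed XML document."""
    parser = xml.parsers.expat.ParserCreate()
    try:
        parser.Parse(data, True)  # final chunk, so a truncated file also fails
        return True
    except xml.parsers.expat.ExpatError:
        return False

def find_unparsable(webroot: str) -> list[str]:
    """Return sorted relative paths of XML-like files that fail to parse."""
    hits = []
    for dirpath, _dirs, filenames in os.walk(webroot):
        for name in filenames:
            if os.path.splitext(name)[1].lower() not in XML_LIKE_EXTENSIONS:
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                if not is_well_formed(fh.read()):
                    hits.append(os.path.relpath(path, webroot))
    return sorted(hits)

def demo() -> list[str]:
    """Scan a constructed web root: one good document, one DTD, one broken XML."""
    root = tempfile.mkdtemp(prefix="webroot-")
    samples = {  # constructed sample files, not taken from any real install
        "good.xml": b'<?xml version="1.0"?><config><debug>false</debug></config>',
        "note.dtd": b"<!ELEMENT note (to, from, body)>\n<!ELEMENT to (#PCDATA)>",
        "broken.xml": b"<report><item>unterminated</report>",
        "readme.txt": b"not XML, skipped by the extension filter",
    }
    for name, body in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(body)
    return find_unparsable(root)

if __name__ == "__main__":
    print(demo())  # ['broken.xml', 'note.dtd']
```

Files reported here are the ones worth removing from the served tree or moving behind a non-XML content type, since a client-side parser will otherwise hit its error path on every fetch.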

