lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <8B32EDC90D8F4E4AB40918883281874D273C64@pivxwin2k1.secnet.pivx.com>
Date: Mon, 29 Dec 2003 11:05:35 -0800
From: <tlarholm@...x.com>
To: <1@...ware.com>, <bugtraq@...urityfocus.com>
Cc: <NTBugtraq@...tserv.ntbugtraq.com>
Subject: RE:  DANGER ZONE: Internet Explorer


What this all boils down to is that when you add a site to the Trusted
Zone you are giving it additional privileges - this is by design and not
a vulnerability. You can read more about IE Security Settings at

http://www.microsoft.com/windows/ie/using/howto/security/settings.asp

from which we can also read about the Trusted Zone that you should:

"Add a site to this zone only if you trust that it would never cause
harm to your computer."

Giving any site additional executional privileges means that you are
extending your level of trust. You are trusting that the site in
question does not get compromised and have its content replaced with
malicious code, and you are trusting that the site does not have any XSS
errors that would allow harmful code injection into the HTML stream.

There are no sites in the Trusted Zone on a default installation so the
impact is significantly lowered. However, Windows Update is hardcoded to
have additional privileges so if you want to try and practically abuse
the level of trust you would have better luck in trying to find XSS
errors on the Windows Update site or find ways to beat the URL parsing
algorithm that detects whether IE is on the Windows Update site or not.


Regards

Thor Larholm
Senior Security Researcher
PivX Solutions
24 Corporate Plaza #180
Newport Beach, CA 92660
http://www.pivx.com
thor@...x.com
949-231-8496

PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of
Qwik-Fix
<http://www.qwik-fix.net> 


-----Original Message-----
From: http-equiv@...ite.com [mailto:1@...ware.com] 
Sent: Friday, December 26, 2003 9:02 AM
To: bugtraq@...urityfocus.com
Cc: NTBugtraq@...tserv.ntbugtraq.com
Subject: DANGER ZONE: Internet Explorer

<snip
http://www.securityfocus.com/archive/1/348363/2003-12-26/2004-01-01/0>

<snip http://tinyurl.com/3eldd>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ