| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20040919022354.36516.qmail@web8506.mail.in.yahoo.com> Date: Sun, 19 Sep 2004 03:23:54 +0100 (BST) From: ViPeR <viper31337@...oo.co.in> To: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com, PenetrationTesting@...oogroups.com, pentest@...sg.org, news@...uriteam.com, bugs@...uritytracker.com, vulnwatch@...nwatch.org, viper31337@...oo.co Subject: Re: GoogleToolbar:About -- Allows Script Injection hi, agreed, but still its possible to conduct remote attacks on unpatched IE i suppose. Also, if a new flaw pops up using which we are able to access "res:" protocol from the internet-zone, well, this is one way of injecting code into the mycomputer-zone. well, all i wanted to point out was that there was no filtering on part of software, to disallow any such attacks. rgds, Viper --- "Rafel Ivgi, The-Insider" <theinsider@....net.il> wrote: > This is not dangerous from remote, because the > "res:" protocol is not > accessible by internet zone. You must to find a way > to access "res:" from > remote, otherwise it means nothing. As for local > zone, you can ran scripts > in mycomputer zone. > > > Rafel Ivgi, The-Insider > Security Consultant, Finjan.com > ________________________________________________________________________ Yahoo! India Matrimony: Find your life partner online Go to: http://yahoo.shaadi.com/india-matrimony _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists