Message-ID: <005201c4ad9f$463c0380$060010b0@dagon>
Date: Sat, 9 Oct 2004 03:28:25 +0200
From: "GreyMagic Security" <security@...ymagic.com>
To: <full-disclosure@...ts.netsys.com>, "Bugtraq" <bugtraq@...urityfocus.com>
Cc: <guninski@...inski.com>
Subject: Re: Yet another IE aperture


>Georgi Guninski security advisory #71, 2004
>http://www.guninski.com/where_do_you_want_billg_to_go_today_1.html

.. snip ..

>By opening html in IE it is possible to read at least well formed xml from
>arbitrary servers. The info then may be transmitted.

GreyMagic disclosed the EXACT same issue in August 2002, over two years ago.
Microsoft, at the time, took over 6 months to resolve the issue (initially
reported to them in February 2002) and eventually released a patch (MS02-047).

See http://www.greymagic.com/security/advisories/gm009-ie/ for more details
and a live PoC (it also shows a neat method to get partial content from
documents that aren't well-formed xml).

That said, all our tests of this issue currently throw an "Access denied"
exception, as they properly should. However, these tests are performed in
the Internet Zone. Your tests might have been performed in another zone that
had "Access data sources across domains" set to "Enabled," which would
enable this vulnerability by design.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
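The caveat at the end of the message is that the result of a cross-domain XML read test depends on the security zone the test page lands in, because the "Access data sources across domains" URL action is configurable per zone. The following is an added check, not code from the GreyMagic message or from either advisory: it reads the per-user IE zone settings from the registry (the well-known `HKCU\...\Internet Settings\Zones\<id>` keys, where DWORD value `1406` is the "Access data sources across domains" action, with 0 = Enabled, 1 = Prompt, 3 = Disabled) and reports which zones would permit the behaviour by design. It assumes a Windows host where zone settings are stored per user; machine-wide policy overrides (HKLM or the Policies hive) are not consulted.

```powershell
# Added example (not from the GreyMagic post): report the IE "Access data sources across
# domains" URL action (registry value 1406) for each security zone, so a tester can tell
# whether the zone a PoC page loads in permits the cross-domain read by design.
# Assumption: per-user zone settings under HKCU; HKLM/policy overrides are not checked here.

$zoneNames = @{
    0 = 'My Computer'
    1 = 'Local intranet'
    2 = 'Trusted sites'
    3 = 'Internet'
    4 = 'Restricted sites'
}

# Meaning of the DWORD stored in value 1406, as shown in the IE security settings UI.
$actionNames = @{
    0 = 'Enabled'
    1 = 'Prompt'
    3 = 'Disabled'
}

$base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

function Get-CrossDomainDataSourceSetting {
    foreach ($id in ($zoneNames.Keys | Sort-Object)) {
        $key = Join-Path $base ([string]$id)
        $raw = (Get-ItemProperty -Path $key -Name '1406' -ErrorAction SilentlyContinue).'1406'

        if ($null -eq $raw) {
            $state = 'not set (zone default applies)'
        } elseif ($actionNames.ContainsKey([int]$raw)) {
            $state = $actionNames[[int]$raw]
        } else {
            $state = "unknown value $raw"
        }

        # The message's point: only the Internet zone is expected to deny this action.
        # An explicit non-Disabled value there is the misconfiguration worth flagging;
        # Enabled/Prompt in the other zones is the documented, by-design behaviour.
        $note = $(if ($id -eq 3 -and $null -ne $raw -and [int]$raw -ne 3) {
            'WARNING: Internet zone explicitly allows cross-domain data sources'
        } else {
            ''
        })

        [pscustomobject]@{
            Zone    = $zoneNames[$id]
            ZoneId  = $id
            Setting = $state
            Note    = $note
        }
    }
}

Get-CrossDomainDataSourceSetting | Format-Table -AutoSize
```

Run it on the machine where the PoC was exercised and compare the zone the test page actually mapped to (a page served from an intranet hostname or opened from the local filesystem does not land in the Internet zone) against the reported setting: an "Access denied" exception from the Internet zone alongside a successful read from a zone that reports `Enabled` is the situation the message describes, not a bypass of MS02-047.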
