lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: jkuperus at planet.nl (Jelmer) Subject: Internet Explorer JavaScript insecure function >I discovered a javascript function (interpreted by Internet Explorer) called "file.writeline()" may be >potentially dangerous for Internet Explorer users. This function allows to write files by means of >JavaScript on a hard disk. http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0010.html It could be that you are using an old version of IE and independantly redicovered this vulnerability but I sincerely doubt it, especially since you refer to the issue as being in a javascript function, when it was infact the possibilty to create an activex objects that was the issue ( writeline is a method of the filesystem activex object)
Powered by blists - more mailing lists