lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <005201c4ad9f$463c0380$060010b0@dagon>
From: security at greymagic.com (GreyMagic Security)
Subject: Re: Yet another IE aperture

>Georgi Guninski security advisory #71, 2004
>http://www.guninski.com/where_do_you_want_billg_to_go_today_1.html

.. snip ..

>By opening html in IE it is possible to read at least well formed xml from
>arbitrary servers. The info then may be transmitted.

GreyMagic disclosed the EXACT same issue on August 2002, over two years ago.
Microsoft, at the time, took over 6 months to resolve the issue (initially
reported to them on Feb 2002) and eventually released a patch (MS02-047).

See http://www.greymagic.com/security/advisories/gm009-ie/ for more details
and a live PoC (it also shows a neat method to get partial content from
documents that aren't well-formed xml).

That said, all our tests of this issue currently throw an "Access denied"
exception, as they properly should. However, these tests are performed in
the Internet Zone. Your tests might have been performed in another zone that
had "Access data sources across domains" set to "Enabled," which would
enable this vulnerability by design.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ