lists.openwall.net
Open Source and information security mailing list archives
Message-ID: <002701c76732$d4e176c0$7ea46440$@com>
Date: Thu, 15 Mar 2007 20:50:39 +0200
From: "avivra" <avivra@...il.com>
To: <robert@...rythingeverything.co.uk>
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: Phishing using IE7 local resource vulnerability

Hi Robert,

Protected Mode and UAC are different security features.
Even so, it is possible to access local resource ("res://") links
with Protected Mode and UAC features enabled. You can test it yourself here:
http://www.raffon.net/research/ms/ie/navcancl/cnn.html or watch the demo
video here: http://raffon.net/videos/ie7navcancl.wmv.
The only way to mitigate this vulnerability by an out-of-the-box security
feature is to set the security level of the "Internet Zone" to "High". This
will disable "javascript:" links, so the user will not be able to click the
"Refresh the page." link in the navcancl.htm local resource page. 
But, I doubt anyone will do that when they can simply just avoid clicking
any link in the "Navigation Canceled" page.

--Aviv.

-----Original Message-----
From: robert@...rythingeverything.co.uk
[mailto:robert@...rythingeverything.co.uk] 
Sent: Thursday, March 15, 2007 5:13 PM
To: bugtraq@...urityfocus.com
Subject: Re: Phishing using IE7 local resource vulnerability

This appears to be mitigated in Vista by Protected Mode, which is on by
default, and denies access to local resources. If people decide to disable
UAC, they must accept the potential risks that come with it, such as this
XSS attack. I appreciate that this is a valid risk for XP.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
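
The reply above names one out-of-the-box mitigation: the "Internet Zone" security level set to "High", which disables "javascript:" links. The following PowerShell audit is an added example, not part of the original messages; it assumes the standard Internet Settings zone keys (zone 3 is the Internet Zone) and that URL action 1400 (Active scripting) is the setting that governs "javascript:" links.

```powershell
# Added example: report whether the Internet Zone (zone 3) is at the "High" level
# and whether Active scripting (URL action 1400) is disabled for it.
# Policy keys are listed first because they override the per-user setting.
$zonePaths = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
    'HKCU:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
)

# CurrentLevel template values and URL action 1400 values.
$levelNames = @{
    0x10000 = 'Low'; 0x10500 = 'Medium-low'; 0x11000 = 'Medium'
    0x11500 = 'Medium-high'; 0x12000 = 'High'; 0x0 = 'Custom'
}
$scriptActions = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }

$report = foreach ($path in $zonePaths) {
    if (-not (Test-Path -Path $path)) { continue }
    $zone = Get-ItemProperty -Path $path

    # A value that is absent from this key falls through to the next key in the list.
    $level  = $zone.CurrentLevel
    $script = $zone.'1400'

    $levelText = if ($null -eq $level) { 'not set here' }
                 elseif ($levelNames.ContainsKey([int]$level)) { $levelNames[[int]$level] }
                 else { 'unknown (0x{0:X})' -f $level }
    $scriptText = if ($null -eq $script) { 'not set here' }
                  elseif ($scriptActions.ContainsKey([int]$script)) { $scriptActions[[int]$script] }
                  else { "unknown ($script)" }

    [pscustomobject]@{
        Key             = $path
        SecurityLevel   = $levelText
        ActiveScripting = $scriptText
        # Mitigated only when scripting is explicitly disabled in this key.
        Mitigated       = ($script -eq 3)
    }
}

if ($report) { $report | Format-List }
else { 'No Internet Zone settings found under the checked keys.' }
```

A key that shows "High" but has Active scripting re-enabled is a customised zone and should be treated as not mitigated.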
