lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <0175d860-afb3-2152-7bc0-b4d64f44d247@securify.nl> Date: Tue, 9 Aug 2016 19:47:22 +0200 From: "Securify B.V." <lists@...urify.nl> To: fulldisclosure@...lists.org Subject: [FD] Internet Explorer iframe sandbox local file name disclosure vulnerability ------------------------------------------------------------------------ Internet Explorer iframe sandbox local file name disclosure vulnerability ------------------------------------------------------------------------ Yorick Koster, March 2016 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ It was found that Internet Explorer allows the disclosure of local file names. This issue exists due to the fact that Internet Explorer behaves different for file:// URLs pointing to existing and non-existent files. When used in combination with HTML5 sandbox iframes it is possible to use this behavior to find out if a local file exists. This technique only works on Internet Explorer 10 & 11 since these support the HTML5 sandbox. Also it is not possible to do this from a regular website as file:// URLs are blocked all together. The attack must be performed locally (works with Internet zone Mark of the Web) or from a share. ------------------------------------------------------------------------ See also ------------------------------------------------------------------------ - CVE-2016-3321 - MS16-095: Cumulative Security Update for Internet Explorer (3177356) ------------------------------------------------------------------------ Tested versions ------------------------------------------------------------------------ This issue was successfully verified on Internet Explorer 10 and Internet Explorer 11. The HTML5 sandbox iframes is not available in older versions of Internet Explorer. ------------------------------------------------------------------------ Fix ------------------------------------------------------------------------ Microsoft released MS16-095 that fixes this vulnerability. ------------------------------------------------------------------------ Details ------------------------------------------------------------------------ https://www.securify.nl/advisory/SFY20160301/internet_explorer_iframe_sandbox_local_file_name_disclosure_vulnerability.html _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists