Message-ID: <0175d860-afb3-2152-7bc0-b4d64f44d247@securify.nl>
Date: Tue, 9 Aug 2016 19:47:22 +0200
From: "Securify B.V." <lists@...urify.nl>
To: fulldisclosure@...lists.org
Subject: [FD] Internet Explorer iframe sandbox local file name disclosure
 vulnerability

------------------------------------------------------------------------
Internet Explorer iframe sandbox local file name disclosure
vulnerability
------------------------------------------------------------------------
Yorick Koster, March 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
It was found that Internet Explorer allows the disclosure of local file
names. This issue exists because Internet Explorer behaves differently
for file:// URLs pointing to existing and non-existent files. When used
in combination with HTML5 sandbox iframes, it is possible to use this
behavior to find out if a local file exists. This technique only works
on Internet Explorer 10 & 11 since these support the HTML5 sandbox.
Also, it is not possible to do this from a regular website, as file://
URLs are blocked altogether. The attack must be performed locally (works
with Internet zone Mark of the Web) or from a share.

------------------------------------------------------------------------
See also
------------------------------------------------------------------------
- CVE-2016-3321
- MS16-095: Cumulative Security Update for Internet Explorer (3177356)

------------------------------------------------------------------------
Tested versions
------------------------------------------------------------------------
This issue was successfully verified on Internet Explorer 10 and
Internet Explorer 11. HTML5 sandbox iframes are not available in
older versions of Internet Explorer.

------------------------------------------------------------------------
Fix
------------------------------------------------------------------------
Microsoft released MS16-095, which fixes this vulnerability.

------------------------------------------------------------------------
Details
------------------------------------------------------------------------
https://www.securify.nl/advisory/SFY20160301/internet_explorer_iframe_sandbox_local_file_name_disclosure_vulnerability.html

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/