Alert: Release of MS02-009 Security Bulletin - Cross-domain VBScripting

From: Russ (Russ.Cooper@RC.ON.CA)
Date: 02/22/02


Date:         Thu, 21 Feb 2002 21:17:13 -0500
From: Russ <Russ.Cooper@RC.ON.CA>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

http://www.microsoft.com/technet/security/bulletin/MS02-009.asp

Affects IE 5.01, 5.5, and 6.0 (regardless of platform).

Vulnerability allows VBScript launched in one frame, to access the
contents of other frames (in particular, frames that are consider in a
different domain, e.g. a frame in the Internet Zone can access the
contents of a frame in the My Computer zone). As such, a script could
read local files on a target system.

Microsoft rates this issue as Moderate for Internet/Intranet services,
and Critical for clients.

Cheers,
Russ - NTBugtraq Editor

oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Delivery co-sponsored by Qualys - Make Your Network Secure
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Go Beyond PARTIAL Security: FREE White Paper

Stop hassling with half-baked ENTERPRISE SECURITY.
FREE White Paper shows you how to ensure TOTAL security for your Internet
perimeter with the most current and most complete PROACTIVE Vulnerability
Assessment solution. Get your FREE White Paper now. Click here!
https://www.qualys.com/forms/techwhite_86.html
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo