Re: Who framed Internet Explorer and IE6 SP1From: GreyMagic Software (security@GREYMAGIC.COM)
- Previous message: Thor Larholm: "IE6 SP1 Notes"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 10 Sep 2002 22:01:38 +0200 From: GreyMagic Software <security@GREYMAGIC.COM> To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
We received numerous emails asking whether the frames issue is (partially)
fixed in IE6 SP1 since the "Program execution" and "Local file reading"
demonstrations in our advisory did not function.
These demonstrations did not function because SP1 blocks links to res:// and
file:// URLs and not because Microsoft fixed the core vulnerability (this
could have been verified by running the first and second demonstrations).
We have now revised both demonstrations according to Thor's post, and it is
again possible to read local files and execute programs under IE6 SP1 as
The advisory and demonstrations can be found at
>..Ironically, though, the fix itself opens up a way to circumvent this
>security measure. You can still open any file:// or res:// file
><object type="text/html" data="redirect.asp"></object>