Re: Vulnerable cached objects in IE (9 advisories in 1)

From: Thor Larholm (thor@PIVX.COM)
Date: 10/23/02

Date:         Wed, 23 Oct 2002 15:49:50 +0200
From: Thor Larholm <thor@PIVX.COM>

After GreyMagic released their email advisory they updated the advisory on
their website. Apparently, further testing revealed that IE6 SP1 did not
fix these holes in a generic way, and instead chose to apply security
checks on individual methods and properties.

These 2 properties seem to have been overlooked, and I suspect that many
more will follow in the category of caching vulnerabilities.

I can personally confirm through my own testing that the "external" and
"clipboardData" caching vulnerabilities are still unpatched even on IE6 SP1,
enabling cookie theft, local file reading and arbitrary command execution
even in IE6 SP1. Peer research (such as jelmer's post on the bugtraq list)
reveals the same.

As such, I would take the words of the updatable website advisory over the
unchangeable email advisory any day. IE 5.5 SP2 and IE6 SP1 are both
vulnerable, the latter just to a lesser extent.

Thor Larholm, Security Researcher
PivX Solutions, LLC

Are You Secure?

-----Original Message-----
From: Holger Hasenstrauch [mailto:holger@RDT.CO.UK]
Sent: 23. oktober 2002 13:55
Subject: Re: Vulnerable cached objects in IE (9 advisories in 1)

This advisory on NTBugtraq says that IE6 SP1 is not vulnerable, but the
advisory on the website ( says:

"IE6 SP1 is vulnerable to the "external" and "clipboardData" vulnerabilities
and immune to the rest."

Can anyone clarify?

Holger Hasenstrauch

> -----Original Message-----
> From: GreyMagic Software [mailto:security@GREYMAGIC.COM]
> Sent: 22 October 2002 16:24
> Subject: Vulnerable cached objects in IE (9 advisories in 1)
>
