Re: Internet Explorer and Opera local zone restriction bypass

• Previous message: Joshua Levitsky: "Symantec AntiVirus and AOL"
• Maybe in reply to: Thor Larholm: "Re: Internet Explorer and Opera local zone restriction bypass"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date:         Sun, 26 Oct 2003 08:20:10 +1100
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

Thor Larholm <thor@PIVX.COM> wrote:

> ... this is not a problem with Microsofts Internet Explorer, but ...
> There are two completely new issues at hand here.
> The second issue is that IE ... inadvertently redirects to a local file ...
> Content-Location: file:///c:/somefile.html
> ... circumvents the initial restriction ... on all local protocols,
> such as file:// and res:// ...

How is that not an IE problem? Do all MS apologist self-contradict?

> Being able to store arbitrary content in a known location is vital to
> any of the current range of IE exploits. ...
> A similar issue ... has been found on several occasions where a
> third-party non-Microsoft application allows you to store arbitrary
> content in a known location. ...
> In summary, when Macromedia changes their Flash player to no longer
> store Flash cookies in plaintext in a known location, this will no
> longer be an issue. ... I doubt we will see any malicious use of the
> local file redirection variation you found.

My favourite store-arbitrary-local-file application is Eudora: it
pre-extracts attachments into files in a known location.

Cheers,

Paul Szabo - psz@maths.usyd.edu.au http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics University of Sydney 2006 Australia

----
NTBugtraq subscribers save $103.00 off the TICSA exam by using promo
code "NT1003" when registering to take the TICSA exam at www.2test.com.
Prove to your employer and peers that you have the knowledge and
abilities to be an active stakeholder in today's enterprise security.
Become TICSA certified www.trusecure.com/ticsa.  Promotion expires
12/31/03 and cannot be used in combination with other offers.
----

• Previous message: Joshua Levitsky: "Symantec AntiVirus and AOL"
• Maybe in reply to: Thor Larholm: "Re: Internet Explorer and Opera local zone restriction bypass"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages [Full-Disclosure] Re: Internet Explorer and Opera local zone restriction bypass ... Thor Larholm wrote: ... Do all MS apologist self-contradict? ... > store Flash cookies in plaintext in a known location, ... > local file redirection variation you found. ... (Full-Disclosure) Re: Internet Explorer and Opera local zone restriction bypass ... Thor Larholm wrote: ... Do all MS apologist self-contradict? ... > store Flash cookies in plaintext in a known location, ... > local file redirection variation you found. ... (Bugtraq) Re: Internet Explorer and Opera local zone restriction bypass ... Thor Larholm wrote: ... Do all MS apologist self-contradict? ... > store Flash cookies in plaintext in a known location, ... > local file redirection variation you found. ... (Full-Disclosure)