Re: Minor IE vulnerability: about: URLs

From: Pedro Miller Rabinovitch (pedro@ciphertech.com.br)
Date: 10/19/01

Previous message: Nick FitzGerald: "Re: Minor IE vulnerability: about: URLs"
In reply to: Clover Andrew: "Minor IE vulnerability: about: URLs"
Next in thread: Simon Kornblith: "Re: Minor IE vulnerability: about: URLs"
Reply: Simon Kornblith: "Re: Minor IE vulnerability: about: URLs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Message-Id: <a05001909b7f64a667b9e@[192.168.1.71]>
Date: Fri, 19 Oct 2001 19:47:07 -0200
To: "Clover Andrew" <aclover@1value.com>, <bugtraq@securityfocus.com>
From: Pedro Miller Rabinovitch <pedro@ciphertech.com.br>
Subject: Re: Minor IE vulnerability: about: URLs

At 17:13 +0200 19.10.01, Clover Andrew wrote:
>Versions:
>
>Assume all versions of IE/Win are vulnerable. Status of IE under other
>platforms is unknown. Versions tested:
>
>4.72.3612.1713 (SP2; 3283)
>5.00.3315.1000 (SP2)
>5.50.4522.1800
>6.0.2600.0000

I've confirmed the bug in the above.

In MacOs 9.1, IE5 and IE4.5 do not expose the hidden about:
'feature'. Thus, they don't seem to be vulnerable.

As a U.S. Senator recently said (as quoted by Wired magazine) on the
whole security problem: "Use a Mac." ;-)
(please take this comment with a truckload of salt. I *am* j/k)

>A Microsoft chap pointed out that sites can already break out of the
>Restricted Sites Zone, simply by pointing at another site that is
>not in that Zone.

Compare the effort on both fronts. I agree with Clover's comments.

Regards,

Pedro.

-- Pedro Miller Rabinovitch Diretor de Tecnologia Cipher Technology 21-2579-3999 www.ciphertech.com.br

_____ "Segurança em TI - uma especialidade Cipher Technology"

Previous message: Nick FitzGerald: "Re: Minor IE vulnerability: about: URLs"
In reply to: Clover Andrew: "Minor IE vulnerability: about: URLs"
Next in thread: Simon Kornblith: "Re: Minor IE vulnerability: about: URLs"
Reply: Simon Kornblith: "Re: Minor IE vulnerability: about: URLs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Microsoft Security Bulletin MS02-023
... IE ships with several files that contain HTML on the local file ... An attacker could craft a web page ... with a URL that exploits this vulnerability and then either host ... it introduces a behavior change to the Restricted Sites zone. ...
(microsoft.public.security)
Re: Microsoft Security Bulletin MS02-023
... > - A cross-site scripting vulnerability in a Local HTML Resource. ... An attacker could craft a web page ... it introduces a behavior change to the Restricted Sites zone. ...
(microsoft.public.security)
Re: Update and comments on the MS02-023 patch, holes still remain
... The Restricted Sites Zone ... > tries to disable scripting (a requisite for the dialogArguments ... > vulnerability), but many vulnerabilities allow you to circumvent this ... So essentially the Restricted Sites feature offers zero security protection ...
(Bugtraq)