RE: Vulnerable cached objects in IE (9 advisories in 1)

From: Thor Larholm (Thor@jubii.dk)
Date: 10/23/02


From: Thor Larholm <Thor@jubii.dk>
To: 'jelmer' <jkuperus@xs4all.nl>, Bugtraq <bugtraq@securityfocus.com>
Date: Wed, 23 Oct 2002 11:13:57 +0200


> From: jelmer [mailto:jkuperus@xs4all.nl]
> The external method flaw also seems to affects my ie6 sp1 browser

I can confirm this as well, together with the clipboardData method flaw.

It's a surprise that Microsoft didn't fix this globally in SP1, instead of
applying checks to each individual method and object. At first, I assumed
they had made a generic fix, but with this in the open it is clear that they
only patched specifics and that there will be many more vulnerabilities in
the method/object caching category.

Regards
Thor Larholm