RE: Vulnerable cached objects in IE (9 advisories in 1)

From: Thor Larholm (
Date: 10/23/02

From: Thor Larholm <>
To: 'jelmer' <>, Bugtraq <>
Date: Wed, 23 Oct 2002 11:13:57 +0200

> From: jelmer []
> The external method flaw also seems to affects my ie6 sp1 browser

I can confirm this as well, together with the clipboardData method flaw.

It's a surprise that Microsoft didn't fix this globally in SP1, instead of
applying checks to each individual method and object. At first, I assumed
they had made a generic fix, but with this in the open it is clear that they
only patched specifics and that there will be many more vulnerabilities in
the method/object caching category.

Thor Larholm