RE: Vulnerable cached objects in IE (9 advisories in 1)

From: Thor Larholm (Thor@jubii.dk)
Date: 10/23/02

• Previous message: OpenPKG: "[OpenPKG-SA-2002.010] OpenPKG Security Advisory (apache)"
• Maybe in reply to: GreyMagic Software: "Vulnerable cached objects in IE (9 advisories in 1)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: Thor Larholm <Thor@jubii.dk>
To: 'jelmer' <jkuperus@xs4all.nl>, Bugtraq <bugtraq@securityfocus.com>
Date: Wed, 23 Oct 2002 11:13:57 +0200

> From: jelmer [mailto:jkuperus@xs4all.nl]
> The external method flaw also seems to affects my ie6 sp1 browser

I can confirm this as well, together with the clipboardData method flaw.

It's a surprise that Microsoft didn't fix this globally in SP1, instead of
applying checks to each individual method and object. At first, I assumed
they had made a generic fix, but with this in the open it is clear that they
only patched specifics and that there will be many more vulnerabilities in
the method/object caching category.

Regards
Thor Larholm

---

• Previous message: OpenPKG: "[OpenPKG-SA-2002.010] OpenPKG Security Advisory (apache)"
• Maybe in reply to: GreyMagic Software: "Vulnerable cached objects in IE (9 advisories in 1)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > bugtraq  > 2002-10