Source: "bugtraq@securityfocus.com"

Bypassing cookie restrictions in IE 5+6

Description

A cookie is a small bit of information that a web site stores on your
computer. When you revisit the web site, your browser sends the information
back to the site. Usually a cookie is designed to remember and tell a web
site some useful information about you. For example, an online bookstore
might use a cookie to record the authors and titles of books you have
ordered. When you return to the online bookstore, your browser lets the
bookstore's site read the cookie. The site might then compile a list of
books by the same authors, or books on related topics, and show you that
list.
This activity is invisible to you. Unless you have set your preferences so
that you will be alerted when a cookie is being stored on your computer, you
won't know about it. When you return to a web site, you won't know that a
cookie is being read. From your point of view, in the example above, you'd
simply visit the online bookstore, and a list of books that might be of
interest to you would magically appear.
Cookies are usually harmless. They can't be used to gather information about
you (unless you provide it). But some services do use cookies to create a
profile of your interests based on the sites you visit and the things you do
there. Advertisers on participating sites can then tailor online advertising
to your interests and buying habits.
Out of privacy concerns some people choose to disable cookies altogether,
or prefer to have closer control over which sites are allowed to store
cookies.
Only recently did Microsoft add some advanced cookie filtering to Internet
Explorer 6.

Through use of the userData behaviour these privacy settings can be
circumvented.
The following was taken from Microsoft's site:


The userData behavior persists information across sessions by writing to a
UserData store.
This provides a data structure that is more dynamic and has a greater
capacity than cookies.


This behaviour completely ignores the privacy settings and allows website
owners and advertisers to start tracking your every move once again.

Systems affected

Internet Explorer 5
Internet Explorer 5.5
Internet Explorer 6

Demonstration

First disable cookies (on IE6 at least, this is the way to do it) by going
to Tools > Privacy and setting it to block all.

Go to http://www.xs4all.nl/~jkuperus/cookies.htm for an example, enter a
value and press save.

Close the browser, reopen the page and press load; the value is preserved.


Vendor status:

I will send Microsoft a cc of this email.

Workaround:

Disable active scripting.
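
For auditing page content (for example in a filtering proxy or a site
review), the following added example, which is not part of the original
advisory, flags HTML that attaches the userData behaviour and calls its
save/load methods, which is where the persistence described above happens.
The sample pages and the names findUserDataUse, box, demoStore and
localPrefs are constructed for illustration.

```javascript
// Added example (not from the advisory): static check for IE userData use.
// An element gets the behavior via CSS or addBehavior(); save()/load() then
// write and read a named store regardless of the cookie privacy setting.
const CSS_ATTACH = /behavior\s*:\s*url\(\s*['"]?#default#userdata['"]?\s*\)/i;
const JS_ATTACH = /\.addBehavior\(\s*['"]#default#userdata['"]\s*\)/i;
const STORE_CALL = /\.(save|load)\(\s*['"]([^'"]+)['"]\s*\)/g;

function findUserDataUse(html) {
  const attached = CSS_ATTACH.test(html) || JS_ATTACH.test(html);
  const writes = new Set();
  const reads = new Set();
  if (attached) {
    // Only count save()/load() when the behavior is attached; other
    // objects may expose methods with the same names.
    for (const m of html.matchAll(STORE_CALL)) {
      (m[1] === 'save' ? writes : reads).add(m[2]);
    }
  }
  return {
    attached,
    writes: [...writes].sort(),
    reads: [...reads].sort(),
    persists: attached && writes.size > 0,
  };
}

// Constructed sample: a page that stores a value with userData.
const SAMPLE_USERDATA = `
<input id="box" style="behavior:url('#default#userData')">
<script>
function doSave() { box.setAttribute("v", box.value); box.save("demoStore"); }
function doLoad() { box.load("demoStore"); box.value = box.getAttribute("v"); }
</script>`;

// Constructed sample: a page that only uses ordinary cookies.
const SAMPLE_COOKIE = `
<script>
document.cookie = "v=1";
prefs.save("localPrefs");
</script>`;

console.log(findUserDataUse(SAMPLE_USERDATA));
console.log(findUserDataUse(SAMPLE_COOKIE));
```

The check is textual, so script that builds the behaviour string or store
name at run time will not be matched.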


References:

http://msdn.microsoft.com/library/de...asp?frame=true

http://support.microsoft.com/default...EN-US;Q283185&