Results 1 to 4 of 4

Thread: Who framed Internet Explorer.

  1. #1
    Senior Member
    Join Date
    Dec 2001

    Exclamation Who framed Internet Explorer.

    Taken from : GreyMagic Security Research ( http://sec.greymagic.com/news/ )

    09-Sep-2002- Internet Explorer does it again. This time, sites that use frames or iframes are exposing their users to attacks. We discovered that it is possible for an attacker to execute script on any site that contains a frame or iframe element, ignoring any protocol or domain restriction set forth by Internet Explorer. This means that with little effort, an attacker is able to read local files, execute arbitrary programs, steal cookies, forge site content and more.

    Read the rest Here
    Violence breeds violence
    we need a world court
    not a republican with his hands covered in oil and military hardware lecturing us on world security!

  2. #2
    Join Date
    Mar 2002
    microsoft's motto: we'll, we'll rock you.(again and again and again.....

  3. #3
    Senior Member
    Join Date
    Feb 2002
    read through that, and found it very interesting. Although besides reading certain files off of a vulerable server, what could possably be done here? I see that you can run code on there, what kind of code is it, and what kind of security problems does this make?

    I am open to comments...

    Have done some extensive testing on this and found it does not work correctly, or as stated. I have gotten it to work locally from the source, but fail to get it to work correctly remotely...
    Ron Paul: Hope for America

  4. #4
    Senior Member
    Join Date
    Nov 2001
    What I can see is the code execution a variation of a old (several?) vulnerabilitie(s).

    The danger could be if someone could plant a custom executable on the system. Or if its possible to pass switches to command utilities with this vulnerability. I could not start a program and pass switches to it with this vulnerability, but Im far from a programming expert and a skilled person may find a way to do this.

    Similiar security flaws can be found in the following threads (and older threads aswell):



Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts