[14536] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Reappearance of an old IE security bug

daemon@ATHENA.MIT.EDU (Ben Mesander)
Sun Apr 16 23:14:18 2000

Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Message-Id:  <l03130301b51ff7d482a8@[10.0.0.3]>
Date:         Sun, 16 Apr 2000 17:09:04 -0600
Reply-To: Ben Mesander <bam@DIMENSIONAL.COM>
From: Ben Mesander <bam@DIMENSIONAL.COM>
X-To:         BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM

I have found a way to have a Java applet open a connection to an arbitrary
host and violate the Java security model in Internet Explorer 5. This is a bug
I first discovered in 1997, and Microsoft fixed it then. It seems to
have reappeared in the latest IE 5.

This vulnerability allows malicious websites to download a java applet to
a user's desktop, and use the desktop to send content from sites inside a
firewall to the malicious webserver or another host.

http://www.hungry.com/~ben/msie_bug/

--Ben


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[14536] in bugtraq

Reappearance of an old IE security bug

daemon@ATHENA.MIT.EDU (Ben Mesander)Sun Apr 16 23:14:18 2000

daemon@ATHENA.MIT.EDU (Ben Mesander)
Sun Apr 16 23:14:18 2000