[22837] in bugtraq
RE: Serious security Flaw in Microsoft Internet Explorer - Zone Spoofing
daemon@ATHENA.MIT.EDU (Richard M. Smith)
Thu Oct 11 16:39:06 2001
From: rms@privacyfoundation.org (Richard M. Smith)
To: "'kikkert security'" <unhackables@hotmail.com>,
<bugtraq@securityfocus.com>, <FOCUS-MS@securityfocus.com>
Date: Thu, 11 Oct 2001 14:18:55 -0400
Message-ID: <003001c15281$30764280$a70ac580@bu.edu>
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
In-Reply-To: <F113QTwL7d2V5k4q9mb00002e64@hotmail.com>
I just checked in IE6 and it looks like the "medium" security level is
the default setting for the Intranet zone. This is the same default as
the Internet zone. Seems to me that if IE4 and IE5 have the same
default, then this bug is not going to affect very many people. I
suspect that most folks don't change the settings on the Intranet zone.
An interesting discovery nevertheless.
Richard
-----Original Message-----
From: kikkert security [mailto:unhackables@hotmail.com]
Sent: Thursday, October 11, 2001 5:38 AM
To: bugtraq@securityfocus.com; FOCUS-MS@SECURITYFOCUS.COM
Subject: Serious security Flaw in Microsoft Internet Explorer - Zone
Spoofing
Serious security Flaw in Microsoft Internet Explorer - Zone Spoofing
------
Risk: POTENTIALLY HIGH.
Potentially allowing any possible action on the client machine,
including
reading any file, placing Trojan code or altering data.
The risk depends on the security settings in the 'Intranet zone'.
