[22932] in bugtraq
Re: Minor IE vulnerability: about: URLs
daemon@ATHENA.MIT.EDU (Simon Kornblith)
Sat Oct 20 11:28:15 2001
Date: Sat, 20 Oct 2001 09:34:25 -0400
From: Simon Kornblith <slists@simonster.com>
To: Pedro Miller Rabinovitch <pedro@ciphertech.com.br>,
Clover Andrew <aclover@1value.com>, <bugtraq@securityfocus.com>
Message-ID: <B7F6F5A0.2FB%slists@simonster.com>
In-Reply-To: <a05001909b7f64a667b9e@[192.168.1.71]>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit

On 10/19/01 5:47 PM, "Pedro Miller Rabinovitch" <pedro@ciphertech.com.br>
wrote:
> At 17:13 +0200 19.10.01, Clover Andrew wrote:
>> Versions:
>>
>> Assume all versions of IE/Win are vulnerable. Status of IE under other
>> platforms is unknown. Versions tested:
>>
>> 4.72.3612.1713 (SP2; 3283)
>> 5.00.3315.1000 (SP2)
>> 5.50.4522.1800
>> 6.0.2600.0000
>
> I've confirmed the bug in the above.
>
> In Mac OS 9.1, IE5 and IE4.5 do not expose the hidden about:
> 'feature'. Thus, they don't seem to be vulnerable.
>
> As a U.S. Senator recently said (as quoted by Wired magazine) on the
> whole security problem: "Use a Mac." ;-)
> (please take this comment with a truckload of salt. I *am* j/k)

I can also confirm that IE 5.1 for Mac OS X isn't vulnerable. It just shows
the entire thing in the title of the about box, even if you type in
about:</title>. Not sure if this was the same outcome as IE5 and IE4.5; it
probably was.

>> A Microsoft chap pointed out that sites can already break out of the
>> Restricted Sites Zone, simply by pointing at another site that is
>> not in that Zone.

Simon