[9213] in bugtraq
New IE4 privacy issue
daemon@ATHENA.MIT.EDU (aleph1@UNDERGROUND.ORG)
Mon Jan 25 16:18:10 1999
Date: Mon, 25 Jan 1999 10:11:44 -0800
Reply-To: Juan Carlos Garcia Cuartango <cuartangojc@MX3.REDESTB.ES>
From: aleph1@UNDERGROUND.ORG
To: BUGTRAQ@NETSPACE.ORG
Greetings,=20
There is a new IE 4 issue affecting privacy. The clipboard content can =
be made public by a javascript code two lines long.
I reported the problem to Microsoft on Jan 7 and they have posted the =
corresponding security bulletin and a fix today 21 January.
Although the vulnerability can be exploited from IE 4 navigator it is =
not a IE 4 bug. The problem is located in some ActiveX called "MS Forms =
2.0" that are shipped and installed with the following applications :
Microsoft Office 97
Microsot Outlook 98
Microsoft Project 98
Microsoft Visual Basic 5.0
Other non MS applications based on VB or VBA=20
More info and a demo is available at :
http://pages.whowhere.com/computers/cuartangojc
Microsoft security bulletin is :=20
http://www.microsoft.com/security/bulletins/ms99-001.asp
Regards,
Juan Carlos
