[9768] in bugtraq
New IE4 vulnerability : the clipboard again.
daemon@ATHENA.MIT.EDU (Aleph One)
Tue Feb 23 19:36:34 1999
Date: Tue, 23 Feb 1999 12:21:13 -0800
Reply-To: Aleph One <aleph1@UNDERGROUND.ORG>
From: Aleph One <aleph1@UNDERGROUND.ORG>
To: BUGTRAQ@NETSPACE.ORG
--qDbXVdCdHGoSgWSk
Content-Type: text/plain; charset=us-ascii
--qDbXVdCdHGoSgWSk
Content-Type: message/rfc822
Content-Description: Forwarded message from Juan Carlos Garcia Cuartango <cuartangojc@MX3.REDESTB.ES>
Received: (qmail 27851 invoked from network); 23 Feb 1999 19:35:55 -0000
Received: from dfw.nationwide.net (@198.175.15.10)
by underground.org with SMTP; 23 Feb 1999 19:35:55 -0000
Received: from vms.dc.lsoft.com (vms.dc.lsoft.com [209.119.1.27])
by dfw.nationwide.net (8.9.0/8.9.0) with ESMTP id MAA00327
for <aleph1@NATIONWIDE.NET>; Tue, 23 Feb 1999 12:21:17 -0600 (CST)
Received: from peach (209.119.0.4) by vms.dc.lsoft.com (LSMTP for OpenVMS v1.1a) with SMTP id <11.67D02D4D@vms.dc.lsoft.com>; Tue, 23 Feb 1999 13:18:03 -0500
Received: from LISTSERV.NTBUGTRAQ.COM by LISTSERV.NTBUGTRAQ.COM
(LISTSERV-TCP/IP release 1.8c) with spool id 70491 for
NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM; Tue, 23 Feb 1999 13:21:57 -0500
Approved-By: Russ.Cooper@RC.ON.CA
Received: from fclients1.redestb.es ([194.179.106.34]) by tinet0.redestb.es
(Post.Office MTA v3.1 release PO203a ID# 0-0U10L2S100) with ESMTP id
AAA213; Mon, 22 Feb 1999 23:48:12 +0100
Received: from home ([62.81.101.243]) by fclients1.redestb.es (Post.Office MTA
v3.1.2 release (PO205-101c) ID# 0-0U10L2S100) with SMTP id AAA172;
Mon, 22 Feb 1999 23:48:11 +0100
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Message-ID: <00b301be5eb4$3bfccca0$6480e381@home>
Date: Mon, 22 Feb 1999 23:39:07 +0100
Reply-To: Juan Carlos Garcia Cuartango <cuartangojc@MX3.REDESTB.ES>
Sender: Windows NT BugTraq Mailing List <NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM>
From: Juan Carlos Garcia Cuartango <cuartangojc@MX3.REDESTB.ES>
Subject: New IE4 vulnerability : the clipboard again.
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Greetings,=20
I have discovered another IE 4 clipboard vulnerability. The clipboard =
content can be made public by a very simple javascript code.
I reported the problem to Microsoft on Feb 10. They confirmed the =
problem. I t seems that they=20
were already aware of the problem and It will be fixed in the next IE 4 =
service pack.
The problem is located in the Internet WebBrowser ActiveX object.
Regards,
Juan Carlos
More info and a demo is available at :
http://pages.whowhere.com/computers/cuartangojc
Regards,
Juan Carlos
--qDbXVdCdHGoSgWSk--
