[15831] in bugtraq
Re: IE 5.5 and 5.01 vulnerability - reading at least local and
daemon@ATHENA.MIT.EDU (Kevin van der Raad)
Tue Jul 18 16:23:38 2000
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="------------BE8C4FED53697E93D6B7C9ED"
Message-Id: <39740827.3ACDE2ED@itsec.nl>
Date: Tue, 18 Jul 2000 09:32:55 +0200
Reply-To: k.van.der.raad@itsec.nl
From: Kevin van der Raad <k.van.der.raad@ITSEC.NL>
X-To: "Morgon, Glenn - SWA" <Glenn.Morgon@NEXTEL.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
This is a multi-part message in MIME format.
--------------BE8C4FED53697E93D6B7C9ED
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
We've tested it as well. IE 5.0 (5.00.2919.6307) on NT4.0 (4.00.1381)
was vulnerable.
"Morgon, Glenn - SWA" wrote:
>
> I have tested and confirmed this on IE 5.0 (5.00.2314.1003) on Win95b and on
> IE 4.0 (4.72.3612.1713) also on Win95b as both vulnerable.
>
> Glenn Morgon
>
> -----Original Message-----
> From: Georgi Guninski [mailto:joro@NAT.BG]
> Sent: Friday, July 14, 2000 4:30 AM
> To: BUGTRAQ@SECURITYFOCUS.COM
> Subject: IE 5.5 and 5.01 vulnerability - reading at least local and from
> any host text and parsed html files
>
> Georgi Guninski security advisory #16, 2000
>
> IE 5.5 and 5.01 vulnerability - reading at least local and from any host
> text and parsed html files
>
> Systems affected: IE 5.5, 5.01 / Win98 - probably other versions, have
> not tested
> Risk: Medium
>
> <snip>
>
> Copyright 2000 Georgi Guninski
>
> Regards,
> Georgi Guninski
> http://www.nat.bg/~joro
--------------BE8C4FED53697E93D6B7C9ED
Content-Type: text/x-vcard; charset=us-ascii;
name="k.van.der.raad.vcf"
Content-Transfer-Encoding: 7bit
Content-Description: Card for Kevin van der Raad
Content-Disposition: attachment;
filename="k.van.der.raad.vcf"
begin:vcard
n:Raad, van der;Kevin
tel;cell:+31624548081
tel;fax:+31 23 534 54 77
tel;work:+31 23 542 05 78
x-mozilla-html:FALSE
url:http://www.itsec.nl
org:ITsec Nederland B.V.;Exploit & Vulnerability Alerting Service
adr:;;Postbus 5120;Haarlem;NL;2000 GC;The Netherlands
version:2.1
email;internet:k.van.der.raad@itsec.nl
title:BEng, Software Engineer
fn:Kevin van der Raad
end:vcard
--------------BE8C4FED53697E93D6B7C9ED--
