[27246] in bugtraq
RE: MSIE:"SaveRef" turns Zone off
daemon@ATHENA.MIT.EDU (Thor Larholm)
Wed Oct 2 11:18:35 2002
Message-ID: <00fd01c26a0c$357be8e0$858370d4@thor2k>
From: "Thor Larholm" <thor@pivx.com>
To: <bugtraq@securityfocus.com>, "Die Yu Liu" <liudieyuinchina@yahoo.com.cn>
Date: Wed, 2 Oct 2002 14:06:58 +0200
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
This also works in IE5.5 as well.
Besides reading cookies from arbitrary sites, this vulnerability also allows
local file reading and execution - when combined with the OBJECT
crossprotocol redirection vulnerability.
http://jscript.dk/2002/10/sec/SaveRefLocalFile.html
Regards
Thor Larholm, Security Researcher
PivX Solutions, LLC
Are You Secure?
http://www.PivX.com
