[27577] in bugtraq
RE: Vulnerable cached objects in IE (9 advisories in 1)
daemon@ATHENA.MIT.EDU (GreyMagic Software)
Wed Oct 23 15:11:21 2002
From: "GreyMagic Software" <security@greymagic.com>
To: "Bugtraq" <bugtraq@securityfocus.com>
Date: Wed, 23 Oct 2002 11:02:52 +0200
Message-ID: <LPBBLDGNEFOGMGAEHJPBMEMCDAAA.security@greymagic.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
In-Reply-To: <002b01c279ee$758e90d0$9e00000a@pluto>
>The external method flaw also seems to affects my ie6 sp1 browser
Indeed, it was overlooked in the final write-up of the advisory.
It's also worth mentioning that IE6 SP1 is vulnerable to the "clipboardData"
object caching as well, which, unfortunately, wasn't mentioned before.
The advisory and demonstration have been revised to reflect these and IE6
SP1 is again open to local file reading, program execution and clipboard
control in addition to global access to any domain.
http://sec.greymagic.com/adv/gm012-ie/
