|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |
MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" content-class: urn:content-classes:message Date: Wed, 5 Nov 2003 12:56:10 -0800 Message-ID: <8B32EDC90D8F4E4AB40918883281874D0BAF52@pivxwin2k1.secnet.pivx.com> From: "Thor Larholm" <thor@pivx.com> To: "Liu Die Yu" <liudieyuinchina@yahoo.com.cn>, <bugtraq@securityfocus.com> Content-Transfer-Encoding: 8bit I can only reproduce this from the My Computer zone, which already allows arbitrary command execution through the codeBase vulnerability - I don't see anything new in this, but feel free to correct me. Regards Thor Larholm Senior Security Researcher PivX Solutions, LLC Get our research, join our mailinglist - http://pivx.com/larholm/ -----Original Message----- From: Liu Die Yu [mailto:liudieyuinchina@yahoo.com.cn] Sent: Wednesday, November 05, 2003 2:32 AM To: bugtraq@securityfocus.com Subject: IE: double slash moves cache from INTERNET zone to MYCOMPUTER zone Snip http://www.securityfocus.com/archive/1/343474/2003-11-02/2003-11-08/0
|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |