[34017] in bugtraq
RE: New Internet Explorer Cross Zone/Site Scripting Vulnerability
daemon@ATHENA.MIT.EDU (Thor Larholm)
Wed Mar 3 15:19:24 2004
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Date: Wed, 3 Mar 2004 11:49:44 -0800
Message-ID: <8B32EDC90D8F4E4AB40918883281874D2741B9@pivxwin2k1.secnet.pivx.com>
From: "Thor Larholm" <tlarholm@pivx.com>
To: "Cheng Peng Su" <apple_soup@msn.com>, <bugtraq@securityfocus.com>
Content-Transfer-Encoding: 8bit
This is not a new vulnerability but was covered on Bugtraq in September
by jelmer and Liu Die Yu.
Jelmer highlighted the Media Bar Ressource Injection vulnerability in
his exploit published on September 11, 2003 at
http://securityfocus.com/archive/1/337285
Which followed Liu Die Yus post on September 10 about a Search Pane
Injection vulnerability at
http://www.securityfocus.com/archive/1/336931
However, both failed to elaborate that the _media and _search injections
are possible through not only the FILE protocol but also the HTTP
protocol. Your proof-of-concept is a good demonstration on how to extend
these 2 related vulnerabilities to also cover arbitrary webpages such as
Google or Passport.
Regards
Thor Larholm
Senior Security Researcher
PivX Solutions
24 Corporate Plaza #180
Newport Beach, CA 92660
http://www.pivx.com
thor@pivx.com
Phone: +1 (949) 231-8496
PGP: 0x5A276569
6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569
PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of
Qwik-Fix
<http://www.qwik-fix.net>
-----Original Message-----
From: Cheng Peng Su [mailto:apple_soup@msn.com]
Sent: Wednesday, March 03, 2004 4:47 AM
To: bugtraq@securityfocus.com
Subject: New Internet Explorer Cross Zone/Site Scripting Vulnerability
Snip
http://www.securityfocus.com/archive/1/356083/2004-02-29/2004-03-06/0
