Computer Security - Microsoft Internet Explorer Vulnerability

06-28-2006, 03:09 AM

"Microsoft Internet Explorer is prone to an information-disclosure
vulnerability because it fails to properly enforce cross-domain policies.

This issue may allow attackers to access arbitrary websites in the context
of a targeted user's browser session. This may allow attackers to perform
actions in web applications with the privileges of exploited users or to
gain access to potentially sensitive information. This may aid attackers in
further attacks.

Microsoft Internet Explorer version 6.0 on Windows XP SP2 is vulnerable to
this issue; other versions may also be affected."

http://www.securityfocus.com/bid/18682/discuss

-- Imhotep

--
*************************************
Pass a Net Neutrality Law in the US!!!!

Save the Internet:
http://www.savetheinternet.com/

Its our net:
http://www.itsournet.org/

*************************************

imhotep

06-28-2006, 10:55 AM

imhotep wrote:
> "Microsoft Internet Explorer is prone to an information-disclosure
> vulnerability because it fails to properly enforce cross-domain policies.

MUAHAHA!

IE cannot ever enforce cross-domain policies by design! Lie Di Yu has
pointed that out back in 2004 and nothing has been changed since then.

<http://www.safecenter.net/crosszone/ie/SaveRef.htm>

Sebastian Gottschalk

06-28-2006, 10:55 AM	#2
Sebastian Gottschalk Posts: n/a	Re: Microsoft Internet Explorer Vulnerability imhotep wrote: > "Microsoft Internet Explorer is prone to an information-disclosure > vulnerability because it fails to properly enforce cross-domain policies. MUAHAHA! IE cannot ever enforce cross-domain policies by design! Lie Di Yu has pointed that out back in 2004 and nothing has been changed since then. <http://www.safecenter.net/crosszone/ie/SaveRef.htm> Sebastian Gottschalk

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Computer Security	aldrich.chappel.com.use@gmail.com	A+ Certification	0	11-27-2007 02:11 AM
OT: Certifications... Worth it?	Michael D. Alligood	MCTS	12	04-10-2007 10:16 PM
OT: Certifications... Worth it?	Michael D. Alligood	MCITP	12	04-10-2007 10:16 PM
Re: Microsoft Internet Explorer	Jason Peavey	A+ Certification	0	11-03-2005 08:03 PM
Re: Microsoft Internet Explorer	Atxa	A+ Certification	0	11-01-2005 05:09 PM

06-28-2006, 03:09 AM	#1
	Microsoft Internet Explorer Vulnerability "Microsoft Internet Explorer is prone to an information-disclosure vulnerability because it fails to properly enforce cross-domain policies. This issue may allow attackers to access arbitrary websites in the context of a targeted user's browser session. This may allow attackers to perform actions in web applications with the privileges of exploited users or to gain access to potentially sensitive information. This may aid attackers in further attacks. Microsoft Internet Explorer version 6.0 on Windows XP SP2 is vulnerable to this issue; other versions may also be affected." http://www.securityfocus.com/bid/18682/discuss -- Imhotep -- *********************************** Pass a Net Neutrality Law in the US!!!! Save the Internet: http://www.savetheinternet.com/ Its our net: http://www.itsournet.org/ *********************************** imhotep