[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Internet Explorer and Opera local zone restriction bypass
- To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM, bugtraq@securityfocus.com, full-disclosure@lists.netsys.com, mindwarper@linuxmail.org, psz@maths.usyd.edu.au, thor@pivx.com
- Subject: Re: Internet Explorer and Opera local zone restriction bypass
- From: psz@maths.usyd.edu.au (Paul Szabo)
- Date: Sun, 26 Oct 2003 08:20:10 +1100 (EST)
Thor Larholm <thor@PIVX.COM> wrote:
> ... this is not a problem with Microsofts Internet Explorer, but ...
> There are two completely new issues at hand here.
> The second issue is that IE ... inadvertently redirects to a local file ...
> Content-Location: file:///c:/somefile.html
> ... circumvents the initial restriction ... on all local protocols,
> such as file:// and res:// ...
How is that not an IE problem? Do all MS apologist self-contradict?
> Being able to store arbitrary content in a known location is vital to
> any of the current range of IE exploits. ...
> A similar issue ... has been found on several occasions where a
> third-party non-Microsoft application allows you to store arbitrary
> content in a known location. ...
> In summary, when Macromedia changes their Flash player to no longer
> store Flash cookies in plaintext in a known location, this will no
> longer be an issue. ... I doubt we will see any malicious use of the
> local file redirection variation you found.
My favourite store-arbitrary-local-file application is Eudora: it
pre-extracts attachments into files in a known location.
Cheers,
Paul Szabo - psz@maths.usyd.edu.au http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics University of Sydney 2006 Australia