Bugtraq mailing list archives
New IE4 privacy issue
From: aleph1 () UNDERGROUND ORG (aleph1 () UNDERGROUND ORG)
Date: Mon, 25 Jan 1999 10:11:44 -0800
Greetings, There is a new IE 4 issue affecting privacy. The clipboard content can be made public by a javascript code two lines long. I reported the problem to Microsoft on Jan 7 and they have posted the corresponding security bulletin and a fix today 21 January. Although the vulnerability can be exploited from IE 4 navigator it is not a IE 4 bug. The problem is located in some ActiveX called "MS Forms 2.0" that are shipped and installed with the following applications : Microsoft Office 97 Microsot Outlook 98 Microsoft Project 98 Microsoft Visual Basic 5.0 Other non MS applications based on VB or VBA More info and a demo is available at : http://pages.whowhere.com/computers/cuartangojc Microsoft security bulletin is : http://www.microsoft.com/security/bulletins/ms99-001.asp Regards, Juan Carlos
Current thread:
- Re: SSH 1.x and 2.x Daemon, (continued)
- Re: SSH 1.x and 2.x Daemon Jan B. Koum (Jan 24)
- Re: SSH 1.x and 2.x Daemon Linux Mailing Lists (Jan 25)
- Re: SSH 1.x and 2.x Daemon KuRuPTioN (Jan 25)
- Re: SSH 1.x and 2.x Daemon Alan Olsen (Jan 24)
- baynetworks router DoS Virsoft (Jan 25)
- Re: baynetworks router DoS Neale Banks (Jan 26)
- 2.2.0 SECURITY (fwd) Aaron Lehmann (Jan 26)
- IBM CICS Universal Client 3.x Rude Yak (Jan 27)
- Re: SSH 1.x and 2.x Daemon Yutaka OIWA (Jan 25)
- Call for Papers: UNIX AND WINDOWS NT Fred Donck (Jan 25)
- New IE4 privacy issue aleph1 () UNDERGROUND ORG (Jan 25)
- Re: SSH 1.x and 2.x Daemon Jim Bourne (Jan 25)
- Re: backdoored tcp wrapper source code Wietse Venema (Jan 23)
- LocalSecure Testing Program NSS SDT (Jan 21)
- Re: backdoored tcp wrapper source code John Stange (Jan 24)
- Advisory: IIS FTP Exploit/DoS Attack Marc (Jan 24)
- Re: Advisory: IIS FTP Exploit/DoS Attack Seth McGann (Jan 24)
- Re: Advisory: IIS FTP Exploit/DoS Attack Matt Conover (Jan 25)
- IIS Advisory Marc (Jan 24)