Bugtraq mailing list archives
Re: Reappearance of an old IE security bug
From: vlad () SANDY RU (Vladimir Dubrovin)
Date: Mon, 17 Apr 2000 14:56:36 +0400
Hello Ben Mesander,

I can't confirm this bug.

17.04.00 3:09, you wrote: Reappearance of an old IE security bug;

B> I have found a way to have a Java applet open a connection to an arbitrary
B> host and violate the Java security model in Internet Explorer 5. This is a bug
B> I first discovered in 1997, and Microsoft fixed it then. It seems to
B> have reappeared in the latest IE 5.

Under MSIE 5.01 (5.00.2919.6307) WinNT 4.0/SP6a, Java Security is set to "high", applet generates security exception.

B> This vulnerability allows malicious websites to download a java applet to
B> a user's desktop, and use the desktop to send content from sites inside a
B> firewall to the malicious webserver or another host.

B> http://www.hungry.com/~ben/msie_bug/

B> --Ben

+=-=-=-=-=-=-=-=-=+
|Vladimir Dubrovin|
| Sandy Info, ISP |
+=-=-=-=-=-=-=-=-=+