Bugtraq mailing list archives
RE: Serious security Flaw in Microsoft Internet Explorer - Zone Spoofing
From: rms () privacyfoundation org (Richard M. Smith)
Date: Thu, 11 Oct 2001 14:18:55 -0400
I just checked in IE6 and it looks like the "medium" security level is the default setting for the Intranet zone. This is the same default as the Internet zone. Seems to me that if IE4 and IE5 have the same default, then this bug is not going to affect very many people. I suspect that most folks don't change the settings on the Intranet zone. An interesting discovery nevertheless. Richard -----Original Message----- From: kikkert security [mailto:unhackables () hotmail com] Sent: Thursday, October 11, 2001 5:38 AM To: bugtraq () securityfocus com; FOCUS-MS () SECURITYFOCUS COM Subject: Serious security Flaw in Microsoft Internet Explorer - Zone Spoofing Serious security Flaw in Microsoft Internet Explorer - Zone Spoofing ------ Risk: POTENTIALLY HIGH. Potentially allowing any possible action on the client machine, including reading any file, placing Trojan code or altering data. The risk depends on the security settings in the 'Intranet zone'.
Current thread:
- Serious security Flaw in Microsoft Internet Explorer - Zone Spoofing kikkert security (Oct 11)
- RE: Serious security Flaw in Microsoft Internet Explorer - Zone Spoofing Richard M. Smith (Oct 11)
- <Possible follow-ups>
- RE: Serious security Flaw in Microsoft Internet Explorer - Zone Spoofing j jf (Oct 14)