Bugtraq mailing list archives

RE: Serious security Flaw in Microsoft Internet Explorer - Zone Spoofing

From: rms () privacyfoundation org (Richard M. Smith)
Date: Thu, 11 Oct 2001 14:18:55 -0400

I just checked in IE6 and it looks like the "medium" security level is
the default setting for the Intranet zone.  This is the same default as
the Internet zone.  Seems to me that if IE4 and IE5 have the same
default, then this bug is not going to affect very many people.  I
suspect that most folks don't change the settings on the Intranet zone.

An interesting discovery nevertheless.

Richard

-----Original Message-----
From: kikkert security [mailto:unhackables () hotmail com] 
Sent: Thursday, October 11, 2001 5:38 AM
To: bugtraq () securityfocus com; FOCUS-MS () SECURITYFOCUS COM
Subject: Serious security Flaw in Microsoft Internet Explorer - Zone
Spoofing


Serious security Flaw in Microsoft Internet Explorer - Zone Spoofing

------
Risk: POTENTIALLY HIGH.
Potentially allowing any possible action on the client machine,
including 
reading any file, placing Trojan code or altering data.
The risk depends on the security settings in the 'Intranet zone'.

Current thread:

Serious security Flaw in Microsoft Internet Explorer - Zone Spoofing kikkert security (Oct 11)
- RE: Serious security Flaw in Microsoft Internet Explorer - Zone Spoofing Richard M. Smith (Oct 11)
- <Possible follow-ups>
- RE: Serious security Flaw in Microsoft Internet Explorer - Zone Spoofing j jf (Oct 14)