Bugtraq mailing list archives
RE: Microsoft Internet Explorer 'Folder View for FTP sites' Scrip t Execution vulnerability
From: Thor Larholm <Thor () jubii dk>
Date: Thu, 6 Jun 2002 23:55:53 +0200
I was a bit confused as to whether this had to be triggered _from_ the My Computer zone, but tests quickly proofed that this is definitely remotely exploitable. To clear things up, this is yet another XSS vulnerability that allows arbitrary HTML to be inserted in the My Computer zone. This makes it quite easy to e.g. execute arbitrary commands, undoubtedly a more fun demonstration: http://jscript.dk/Jumper/xploit/ftpfolderview.html Status: 18 unpatched vulnerabilities. http://jscript.dk/Unpatched/ Regards Thor Larholm Jubii A/S - Internet Programmer
Current thread:
- RE: Microsoft Internet Explorer 'Folder View for FTP sites' Scrip t Execution vulnerability Thor Larholm (Jun 06)