Bugtraq mailing list archives
RE: MSIE:"SaveRef" turns Zone off
From: "Thor Larholm" <thor () pivx com>
Date: Wed, 2 Oct 2002 14:06:58 +0200
This also works in IE5.5 as well. Besides reading cookies from arbitrary sites, this vulnerability also allows local file reading and execution - when combined with the OBJECT crossprotocol redirection vulnerability. http://jscript.dk/2002/10/sec/SaveRefLocalFile.html Regards Thor Larholm, Security Researcher PivX Solutions, LLC Are You Secure? http://www.PivX.com
Current thread:
- MSIE:"SaveRef" turns Zone off Liu Die Yu (Oct 01)
- <Possible follow-ups>
- RE: MSIE:"SaveRef" turns Zone off Thor Larholm (Oct 02)