|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Richard M. Smith (rms
privacyfoundation.org)Date: Thu Oct 11 2001 - 13:18:55 CDT
I just checked in IE6 and it looks like the "medium" security level is
the default setting for the Intranet zone. This is the same default as
the Internet zone. Seems to me that if IE4 and IE5 have the same
default, then this bug is not going to affect very many people. I
suspect that most folks don't change the settings on the Intranet zone.
An interesting discovery nevertheless.
Richard
-----Original Message-----
From: kikkert security [mailto:unhackableshotmail.com]
Sent: Thursday, October 11, 2001 5:38 AM
To: bugtraqsecurityfocus.com; FOCUS-MSSECURITYFOCUS.COM
Subject: Serious security Flaw in Microsoft Internet Explorer - Zone
Spoofing
Serious security Flaw in Microsoft Internet Explorer - Zone Spoofing
------
Risk: POTENTIALLY HIGH.
Potentially allowing any possible action on the client machine,
including
reading any file, placing Trojan code or altering data.
The risk depends on the security settings in the 'Intranet zone'.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]