From: Thor Larholm (thor_at_pivx.com)
Date: Wed Oct 02 2002 - 07:06:58 CDT

    This also works in IE5.5 as well.

    Besides reading cookies from arbitrary sites, this vulnerability also allows
    local file reading and execution - when combined with the OBJECT
    crossprotocol redirection vulnerability.

    http://jscript.dk/2002/10/sec/SaveRefLocalFile.html

    Regards
    Thor Larholm, Security Researcher
    PivX Solutions, LLC

    Are You Secure?
    http://www.PivX.com