Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

New IE4 vulnerability : the clipboard again.

From: aleph1 () UNDERGROUND ORG (Aleph One)
Date: Tue, 23 Feb 1999 12:21:13 -0800

--qDbXVdCdHGoSgWSk
Content-Type: text/plain; charset=us-ascii


--qDbXVdCdHGoSgWSk
Content-Type: message/rfc822
Content-Description: Forwarded message from Juan Carlos Garcia Cuartango <cuartangojc () MX3 REDESTB ES>

Received: (qmail 27851 invoked from network); 23 Feb 1999 19:35:55 -0000
Received: from dfw.nationwide.net (@198.175.15.10)
  by underground.org with SMTP; 23 Feb 1999 19:35:55 -0000
Received: from vms.dc.lsoft.com (vms.dc.lsoft.com [209.119.1.27])
        by dfw.nationwide.net (8.9.0/8.9.0) with ESMTP id MAA00327
        for <aleph1 () NATIONWIDE NET>; Tue, 23 Feb 1999 12:21:17 -0600 (CST)
Received: from peach (209.119.0.4) by vms.dc.lsoft.com (LSMTP for OpenVMS v1.1a) with SMTP id <11.67D02D4D () vms dc 
lsoft com>; Tue, 23 Feb 1999 13:18:03 -0500
Received: from LISTSERV.NTBUGTRAQ.COM by LISTSERV.NTBUGTRAQ.COM
          (LISTSERV-TCP/IP release 1.8c) with spool id 70491 for
          NTBUGTRAQ () LISTSERV NTBUGTRAQ COM; Tue, 23 Feb 1999 13:21:57 -0500
Approved-By: Russ.Cooper () RC ON CA
Received: from fclients1.redestb.es ([194.179.106.34]) by tinet0.redestb.es
          (Post.Office MTA v3.1 release PO203a ID# 0-0U10L2S100) with ESMTP id
          AAA213; Mon, 22 Feb 1999 23:48:12 +0100
Received: from home ([62.81.101.243]) by fclients1.redestb.es (Post.Office MTA
          v3.1.2 release (PO205-101c) ID# 0-0U10L2S100) with SMTP id AAA172;
          Mon, 22 Feb 1999 23:48:11 +0100
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding:  quoted-printable
Message-ID:  <00b301be5eb4$3bfccca0$6480e381@home>
Date:         Mon, 22 Feb 1999 23:39:07 +0100
Reply-To: Juan Carlos Garcia Cuartango <cuartangojc () MX3 REDESTB ES>
Sender: Windows NT BugTraq Mailing List <NTBUGTRAQ () LISTSERV NTBUGTRAQ COM>
From: Juan Carlos Garcia Cuartango <cuartangojc () MX3 REDESTB ES>
Subject:      New IE4 vulnerability : the clipboard again.
To: NTBUGTRAQ () LISTSERV NTBUGTRAQ COM

Greetings,=20

I have discovered another IE 4 clipboard vulnerability. The clipboard =
content can be made public by a very simple javascript code.
I reported the problem to Microsoft on Feb 10. They confirmed the =
problem. I t seems that they=20
were already aware of the problem and It will be fixed in the next IE 4 =
service pack.
The problem is located in the Internet WebBrowser ActiveX object.
Regards,
Juan Carlos


More info and a demo is available at :
http://pages.whowhere.com/computers/cuartangojc


Regards,


Juan Carlos


--qDbXVdCdHGoSgWSk--
Previous By Date Next
Previous By Thread Next

Current thread: