Bugtraq mailing list archives
RE: Who framed Internet Explorer and IE6 SP1
From: "GreyMagic Software" <security () greymagic com>
Date: Tue, 10 Sep 2002 19:21:53 +0200
We received numerous emails asking whether the frames issue is (partially) fixed in IE6 SP1 since the "Program execution" and "Local file reading" demonstrations in our advisory did not function. These demonstrations did not function because SP1 blocks links to res:// and file:// URLs and not because Microsoft fixed the core vulnerability (this could have been verified by running the first and second demonstrations). We have now revised both demonstrations according to Thor's post, and it is again possible to read local files and execute programs under IE6 SP1 as well. The advisory and demonstrations can be found at http://sec.greymagic.com/adv/gm010-ie/.
..Ironically, though, the fix itself opens up a way to circumvent this security measure. You can still open any file:// or res:// file automatically with <object type="text/html" data="redirect.asp"></object>
Current thread:
- IE6 SP1 Notes Thor Larholm (Sep 10)
- RE: Who framed Internet Explorer and IE6 SP1 GreyMagic Software (Sep 10)