Full Disclosure mailing list archives

Re: Microsoft Internet Explorer Local File Accesses Vulnerability

From: "Peter Dawson" <slash.pd () gmail com>
Date: Mon, 19 Feb 2007 21:11:23 -0500

just asking... Is this std practice by vendor to state.... ???

"[..] we ask you respect responsible disclosure guidelines and not report
this publicly...."

/pd

On 2/19/07, Michal Zalewski <lcamtuf () dione ids pl> wrote:

On Tue, 20 Feb 2007, Rajesh Sethumadhavan wrote:

> Microsoft Internet Explorer is a default browser bundled with all
> versions of Microsoft Windows operating system.

Any luck with sending the data back to the attacker? SCRIPT and STYLE ones
can be used to steal data from very specifically formatted files, but
that's not a whole lot.

/mz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Microsoft Internet Explorer Local File Accesses Vulnerability Rajesh Sethumadhavan (Feb 19)
- Re: Microsoft Internet Explorer Local File Accesses Vulnerability Michal Zalewski (Feb 19)
  - Re: Microsoft Internet Explorer Local File Accesses Vulnerability Peter Dawson (Feb 19)
    - Re: Microsoft Internet Explorer Local File Accesses Vulnerability Michal Zalewski (Feb 20)
- Re: Microsoft Internet Explorer Local File Accesses Vulnerability [7244ks] Microsoft Security Response Center (Feb 19)
- Re: Microsoft Internet Explorer Local File Accesses Vulnerability pdp (architect) (Feb 20)