Bugtraq mailing list archives

Reappearance of an old IE security bug

From: bam () DIMENSIONAL COM (Ben Mesander)
Date: Sun, 16 Apr 2000 17:09:04 -0600


I have found a way to have a Java applet open a connection to an arbitrary
host and violate the Java security model in Internet Explorer 5. This is a bug
I first discovered in 1997, and Microsoft fixed it then. It seems to
have reappeared in the latest IE 5.

This vulnerability allows malicious websites to download a java applet to
a user's desktop, and use the desktop to send content from sites inside a
firewall to the malicious webserver or another host.

http://www.hungry.com/~ben/msie_bug/

--Ben

Current thread:

Re: Back Door in Commercial Shopping Cart [RESOLVED], (continued)
- - - Re: Back Door in Commercial Shopping Cart [RESOLVED] Dan Kaminsky (Apr 17)
- Re: Back Door in Commercial Shopping Cart Pete Holsberg (Apr 13)
- Re: Back Door in Commercial Shopping Cart Anik (Apr 13)
- more problems with that POS dansie cart software! tombow (Apr 14)
  - Re: more problems with that POS dansie cart software! Randy Janinda (Apr 14)
  - nmh-1.0.4 released Dan Harkless (Apr 14)
  - xfs Michal Zalewski (Apr 16)
  - StarOffice 5.1 Michal Zalewski (Apr 16)
  - XFree86 server overflow Michal Zalewski (Apr 16)
    - XFree86 server overflow - exploit issues Michal Zalewski (Apr 16)
    - Reappearance of an old IE security bug Ben Mesander (Apr 16)
    - Re: Reappearance of an old IE security bug Vladimir Dubrovin (Apr 17)
    - Announcing: Solaris Fingerprint Database (sfpDB) on SunSolve Casper Dik (Apr 17)
    - Re: XFree86 server overflow Olaf Kirch (Apr 17)
    - Re: XFree86 server overflow Valentin Pavlov (Apr 17)
    - Microsoft Security Bulletin (MS00-025) Microsoft Product Security (Apr 17)
    - Re: XFree86 server overflow Paweł Sakowski (Apr 17)
    - RAZOR Analysis of dvwssr.dll Simple Nomad (Apr 17)
    - response to the bugtraq report of buffer overruns in imapd LIST command Mark Crispin (Apr 17)
    - Re: response to the bugtraq report of buffer overruns in imapd LIST command Theo de Raadt (Apr 17)
    - Re: response to the bugtraq report of buffer overruns in imapd LIST command Mark Crispin (Apr 17)

(Thread continues...)