Bugtraq mailing list archives

Re: IE5.5 window.externalNavigateAndFind security vulnerability.. ..


From: Clover Andrew <aclover () 1VALUE COM>
Date: Mon, 2 Oct 2000 10:13:56 +0200

Multiple security vulnerabilities found in
window.external.NavigateAndFind function in IE5.5...

Verified on IE5.00. Will probably also work on IE4.
(Though the on-line exploit for "vulnerability 3" is
slightly broken in that it tries to open the relative
URL "code.txt" instead of an absolute, local path.)

These are all really the same vulnerability, of course:
that javascript: URLs are incorrectly executed in the
security context of the previous document. MS patched
around previous incarnations of this but seem to have
missed NavigateAndFind. Very poor, but you can't help
thinking that javascript: URLs were a stupid idea in
the first place.

--
Andrew Clover
Technical Support
1VALUE.com AG

