Full Disclosure mailing list archives
CSRF with MS Word
From: "David Kierznowski" <david.kierznowski () gmail com>
Date: Fri, 24 Nov 2006 19:12:32 +0000
CSRF with MS Word Our attack vector is found in exploiting MSWord's frame capabilities: By creating malicious frames in a document and pointing them to a malicious URL, we can exploit multiple, persistent (well almost, this is limited) CSRF vulnerabilities (and possibly the browser). See: http://michaeldaw.org/md-hacks/csrf-with-msword/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- CSRF with MS Word David Kierznowski (Nov 24)