Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

CSRF with MS Word

From: "David Kierznowski" <david.kierznowski () gmail com>
Date: Fri, 24 Nov 2006 19:12:32 +0000
CSRF with MS Word

Our attack vector is found in exploiting MSWord's frame capabilities:
By creating malicious frames in a document and pointing them to a
malicious URL, we can exploit multiple, persistent (well almost, this
is limited) CSRF vulnerabilities (and possibly the browser).

See:
http://michaeldaw.org/md-hacks/csrf-with-msword/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: