Jump to content

SUBIECTE NOI
« 1 / 5 »
RSS
Merita achizitionat un Smart ForT...

De ce nu pleaca unii romani in ve...

declaratia 406 sau SAF-T

Brackets vs gutiera dentara
 Control ISCTR/RAR - mici nelamuriri

Dedolarizarea (2023+) șanse ...

CSS suprapunere, de ce nu merge p...

Ford transit mk7 2.2 diesel 2007
 Cutu cu probleme la picioarele di...

Sfat achizitionare placa video

Intelesul unei propozitii -sintaxa

Investitie cu posibil risc?
 De ce oamenii sunt asa de agitați...

Mercedes renunta la multe modele

Invertor Growatt MOD-10KTL3-XH ve...

Alegere SURSA build nou
 

High risk : Internet Explorer file:// Request Zone Bypass Vulnerability

- - - - -
  • Please log in to reply
No replies to this topic

#1
Guest_AcidMan_*

Guest_AcidMan_*
  • Grup: Guests
  • Înscris: --
Internet Explorer file:// Request Zone Bypass Vulnerability
Risk
[COLOR=red]
Date Discovered
05-09-2003

Description

Internet Explorer is reported to be vulnerable to a zone bypass issue. Allegedly, if Internet Explorer attempts to open a web page containing numerous 'file://' requests each contained in a separate Iframe, the requested file will eventually be executed in the Local Computer zone.


Platforms Affected
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Advanced Server SP1
Microsoft Windows 2000 Advanced Server SP2
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Datacenter Server SP1
Microsoft Windows 2000 Datacenter Server SP2
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Professional SP1
Microsoft Windows 2000 Professional SP2
Microsoft Windows 2000 Server
Microsoft Windows 2000 Server SP1
Microsoft Windows 2000 Server SP2
Microsoft Windows 2000 Terminal Services
Microsoft Windows 2000 Terminal Services SP1
Microsoft Windows 2000 Terminal Services SP2
Microsoft Windows 95
Microsoft Windows 98
Microsoft Windows 98SE
Microsoft Windows ME
Microsoft Windows NT Enterprise Server 4.0
Microsoft Windows NT Enterprise Server 4.0 SP1
Microsoft Windows NT Enterprise Server 4.0 SP2
Microsoft Windows NT Enterprise Server 4.0 SP3
Microsoft Windows NT Enterprise Server 4.0 SP4
Microsoft Windows NT Enterprise Server 4.0 SP5
Microsoft Windows NT Enterprise Server 4.0 SP6
Microsoft Windows NT Enterprise Server 4.0 SP6a
Microsoft Windows NT Server 4.0
Microsoft Windows NT Server 4.0 SP1
Microsoft Windows NT Server 4.0 SP2
Microsoft Windows NT Server 4.0 SP3
Microsoft Windows NT Server 4.0 SP4
Microsoft Windows NT Server 4.0 SP5
Microsoft Windows NT Server 4.0 SP6
Microsoft Windows NT Server 4.0 SP6a
Microsoft Windows NT Terminal Server 4.0
Microsoft Windows NT Terminal Server 4.0 SP1
Microsoft Windows NT Terminal Server 4.0 SP2
Microsoft Windows NT Terminal Server 4.0 SP3
Microsoft Windows NT Terminal Server 4.0 SP4
Microsoft Windows NT Terminal Server 4.0 SP5
Microsoft Windows NT Terminal Server 4.0 SP6
Microsoft Windows NT Terminal Server 4.0 SP6a
Microsoft Windows NT Workstation 4.0
Microsoft Windows NT Workstation 4.0 SP1
Microsoft Windows NT Workstation 4.0 SP2
Microsoft Windows NT Workstation 4.0 SP3
Microsoft Windows NT Workstation 4.0 SP4
Microsoft Windows NT Workstation 4.0 SP5
Microsoft Windows NT Workstation 4.0 SP6
Microsoft Windows NT Workstation 4.0 SP6a

Components Affected
Microsoft Internet Explorer 5.5 SP2
Microsoft Internet Explorer 5.5 SP1
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.0 SP1
Microsoft Internet Explorer 6.0

Recommendations
Run all client software as a non-privileged user with minimal access rights.
Always run Internet Explorer as an unprivileged user. This will limit the consequences of successful exploitation of this and other latent vulnerabilities.

Do not follow links provided by unknown or untrusted sources.
Exploitation of this vulnerability can be accomplished by following a link to a malicious website or by viewing maliciously crafted HTML email. Caution should be exercised in accepting any communications from unknown or untrusted users.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] .
Microsoft Internet Explorer 5.5 SP2:
Microsoft Internet Explorer 5.5 SP1:
Microsoft Internet Explorer 5.5:
Microsoft Internet Explorer 6.0 SP1:
Microsoft Internet Explorer 6.0:

References
Source: Flooding Internet Explorer 6.0.2800 (6.x?) security zones ![CRITICAL]
URL: msg://bugtraq/[email protected]

Source: Re: Flooding Internet Explorer 6.0.2800 (6.x?) security zones ! [CRITICAL]
URL: msg://bugtraq/[email protected]

Source: Technet Security
URL: http://www.microsoft...ity/default.asp

Credits
Discovery is credited to "Marek Bialoglowy" .

Anunturi

Chirurgia cranio-cerebrală minim invazivă Chirurgia cranio-cerebrală minim invazivă

Tehnicile minim invazive impun utilizarea unei tehnologii ultramoderne.

Endoscoapele operatorii de diverse tipuri, microscopul operator dedicat, neuronavigația, neuroelectrofiziologia, tehnicile avansate de anestezie, chirurgia cu pacientul treaz reprezintă armamentarium fără de care neurochirurgia prin "gaura cheii" nu ar fi posibilă. Folosind tehnicile de mai sus, tratăm un spectru larg de patologii cranio-cerebrale.

www.neurohope.ro

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Forumul Softpedia foloseste "cookies" pentru a imbunatati experienta utilizatorilor Accept
Pentru detalii si optiuni legate de cookies si datele personale, consultati Politica de utilizare cookies si Politica de confidentialitate