Jump to content

SUBIECTE NOI
« 1 / 5 »
RSS
Trigger Warning (2024)

Pareri cartiere/zone in care ati ...

Care este culoarea normala de soia?

Comertul cu arcuri si arbalete
 Masini pe benzina usor pretabile ...

Am primit facturi dupa ce am renu...

Camere video, supraveghere curte....

Epilator care nu smulge puful
 Realizare comanda pompa submersib...

Covorase scari/trepte

Apartament Iași

Scurgeri de la etajul superior
 Caut splitter semnal satelit

Instalatii sanitare

Program de slabire cu succes gara...

Reconditionare cada baie din fonta
 

High risk : Internet Explorer file:// Request Zone Bypass Vulnerability

- - - - -
  • Please log in to reply
No replies to this topic

#1
Guest_AcidMan_*

Guest_AcidMan_*
  • Grup: Guests
  • Înscris: --
Internet Explorer file:// Request Zone Bypass Vulnerability
Risk
[COLOR=red]
Date Discovered
05-09-2003

Description

Internet Explorer is reported to be vulnerable to a zone bypass issue. Allegedly, if Internet Explorer attempts to open a web page containing numerous 'file://' requests each contained in a separate Iframe, the requested file will eventually be executed in the Local Computer zone.


Platforms Affected
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Advanced Server SP1
Microsoft Windows 2000 Advanced Server SP2
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Datacenter Server SP1
Microsoft Windows 2000 Datacenter Server SP2
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Professional SP1
Microsoft Windows 2000 Professional SP2
Microsoft Windows 2000 Server
Microsoft Windows 2000 Server SP1
Microsoft Windows 2000 Server SP2
Microsoft Windows 2000 Terminal Services
Microsoft Windows 2000 Terminal Services SP1
Microsoft Windows 2000 Terminal Services SP2
Microsoft Windows 95
Microsoft Windows 98
Microsoft Windows 98SE
Microsoft Windows ME
Microsoft Windows NT Enterprise Server 4.0
Microsoft Windows NT Enterprise Server 4.0 SP1
Microsoft Windows NT Enterprise Server 4.0 SP2
Microsoft Windows NT Enterprise Server 4.0 SP3
Microsoft Windows NT Enterprise Server 4.0 SP4
Microsoft Windows NT Enterprise Server 4.0 SP5
Microsoft Windows NT Enterprise Server 4.0 SP6
Microsoft Windows NT Enterprise Server 4.0 SP6a
Microsoft Windows NT Server 4.0
Microsoft Windows NT Server 4.0 SP1
Microsoft Windows NT Server 4.0 SP2
Microsoft Windows NT Server 4.0 SP3
Microsoft Windows NT Server 4.0 SP4
Microsoft Windows NT Server 4.0 SP5
Microsoft Windows NT Server 4.0 SP6
Microsoft Windows NT Server 4.0 SP6a
Microsoft Windows NT Terminal Server 4.0
Microsoft Windows NT Terminal Server 4.0 SP1
Microsoft Windows NT Terminal Server 4.0 SP2
Microsoft Windows NT Terminal Server 4.0 SP3
Microsoft Windows NT Terminal Server 4.0 SP4
Microsoft Windows NT Terminal Server 4.0 SP5
Microsoft Windows NT Terminal Server 4.0 SP6
Microsoft Windows NT Terminal Server 4.0 SP6a
Microsoft Windows NT Workstation 4.0
Microsoft Windows NT Workstation 4.0 SP1
Microsoft Windows NT Workstation 4.0 SP2
Microsoft Windows NT Workstation 4.0 SP3
Microsoft Windows NT Workstation 4.0 SP4
Microsoft Windows NT Workstation 4.0 SP5
Microsoft Windows NT Workstation 4.0 SP6
Microsoft Windows NT Workstation 4.0 SP6a

Components Affected
Microsoft Internet Explorer 5.5 SP2
Microsoft Internet Explorer 5.5 SP1
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.0 SP1
Microsoft Internet Explorer 6.0

Recommendations
Run all client software as a non-privileged user with minimal access rights.
Always run Internet Explorer as an unprivileged user. This will limit the consequences of successful exploitation of this and other latent vulnerabilities.

Do not follow links provided by unknown or untrusted sources.
Exploitation of this vulnerability can be accomplished by following a link to a malicious website or by viewing maliciously crafted HTML email. Caution should be exercised in accepting any communications from unknown or untrusted users.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] .
Microsoft Internet Explorer 5.5 SP2:
Microsoft Internet Explorer 5.5 SP1:
Microsoft Internet Explorer 5.5:
Microsoft Internet Explorer 6.0 SP1:
Microsoft Internet Explorer 6.0:

References
Source: Flooding Internet Explorer 6.0.2800 (6.x?) security zones ![CRITICAL]
URL: msg://bugtraq/00f901c31541$65b1e240$6f00a8c0@ultor

Source: Re: Flooding Internet Explorer 6.0.2800 (6.x?) security zones ! [CRITICAL]
URL: msg://bugtraq/[email protected]

Source: Technet Security
URL: http://www.microsoft...ity/default.asp

Credits
Discovery is credited to "Marek Bialoglowy" .

Anunturi

Neurochirurgie minim invazivă Neurochirurgie minim invazivă

"Primum non nocere" este ideea ce a deschis drumul medicinei spre minim invaziv.

Avansul tehnologic extraordinar din ultimele decenii a permis dezvoltarea tuturor domeniilor medicinei. Microscopul operator, neuronavigația, tehnicile anestezice avansate permit intervenții chirurgicale tot mai precise, tot mai sigure. Neurochirurgia minim invazivă, sau prin "gaura cheii", oferă pacienților posibilitatea de a se opera cu riscuri minime, fie ele neurologice, infecțioase, medicale sau estetice.

www.neurohope.ro

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Forumul Softpedia foloseste "cookies" pentru a imbunatati experienta utilizatorilor Accept
Pentru detalii si optiuni legate de cookies si datele personale, consultati Politica de utilizare cookies si Politica de confidentialitate