[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Microsoft Internet Explorer Local File Accesses Vulnerability

To: Rajesh Sethumadhavan <rajesh.sethumadhavan@xxxxxxxxx>
Subject: Re: [Full-disclosure] Microsoft Internet Explorer Local File Accesses Vulnerability
From: Michal Zalewski <lcamtuf@xxxxxxxxxxxx>
Date: Mon, 19 Feb 2007 23:47:47 +0100 (CET)

On Tue, 20 Feb 2007, Rajesh Sethumadhavan wrote:

> Microsoft Internet Explorer is a default browser bundled with all
> versions of Microsoft Windows operating system.

Any luck with sending the data back to the attacker? SCRIPT and STYLE ones
can be used to steal data from very specifically formatted files, but
that's not a whole lot.

/mz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Microsoft Internet Explorer Local File Accesses Vulnerability
  - From: Peter Dawson

References:
- [Full-disclosure] Microsoft Internet Explorer Local File Accesses Vulnerability
  - From: Rajesh Sethumadhavan

Prev by Date: Re: [Full-disclosure] new worm traveling the net? (GNU/Linux)
Next by Date: [Full-disclosure] [ MDKSA-2007:043 ] - Updated clamav packages address multiple issues.
Previous by thread: [Full-disclosure] Microsoft Internet Explorer Local File Accesses Vulnerability
Next by thread: Re: [Full-disclosure] Microsoft Internet Explorer Local File Accesses Vulnerability
Index(es):
- Date
- Thread