Greetings, There is a new IE 4 issue affecting privacy. The clipboard content can be made public by a javascript code two lines long. I reported the problem to Microsoft on Jan 7 and they have posted the corresponding security bulletin and a fix today 21 January. Although the vulnerability can be exploited from IE 4 navigator it is not a IE 4 bug. The problem is located in some ActiveX called "MS Forms 2.0" that are shipped and installed with the following applications : Microsoft Office 97 Microsot Outlook 98 Microsoft Project 98 Microsoft Visual Basic 5.0 Other non MS applications based on VB or VBA More info and a demo is available at : http://pages.whowhere.com/computers/cuartangojc Microsoft security bulletin is : http://www.microsoft.com/security/bulletins/ms99-001.asp Regards, Juan Carlos
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:30:47 PDT