New IE4 vulnerability : the clipboard again.

From: Aleph One (aleph1at_private)
Date: Tue Feb 23 1999 - 12:21:13 PST

Next message: Frank Miller: "Re: Frontpage extensions under Apache 1.3.4"

Previous message: Crispin Cowan: "Re: Preventing remote OS detection"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

--qDbXVdCdHGoSgWSk
Content-Type: text/plain; charset=us-ascii


--qDbXVdCdHGoSgWSk
Content-Type: message/rfc822
Content-Description: Forwarded message from Juan Carlos Garcia Cuartango <cuartangojcat_private>

Received: (qmail 27851 invoked from network); 23 Feb 1999 19:35:55 -0000
Received: from dfw.nationwide.net (@198.175.15.10)
  by underground.org with SMTP; 23 Feb 1999 19:35:55 -0000
Received: from vms.dc.lsoft.com (vms.dc.lsoft.com [209.119.1.27])
	by dfw.nationwide.net (8.9.0/8.9.0) with ESMTP id MAA00327
	for <aleph1at_private>; Tue, 23 Feb 1999 12:21:17 -0600 (CST)
Received: from peach (209.119.0.4) by vms.dc.lsoft.com (LSMTP for OpenVMS v1.1a) with SMTP id <11.67D02D4Dat_private>; Tue, 23 Feb 1999 13:18:03 -0500
Received: from LISTSERV.NTBUGTRAQ.COM by LISTSERV.NTBUGTRAQ.COM
          (LISTSERV-TCP/IP release 1.8c) with spool id 70491 for
          NTBUGTRAQat_private; Tue, 23 Feb 1999 13:21:57 -0500
Approved-By: Russ.Cooperat_private
Received: from fclients1.redestb.es ([194.179.106.34]) by tinet0.redestb.es
          (Post.Office MTA v3.1 release PO203a ID# 0-0U10L2S100) with ESMTP id
          AAA213; Mon, 22 Feb 1999 23:48:12 +0100
Received: from home ([62.81.101.243]) by fclients1.redestb.es (Post.Office MTA
          v3.1.2 release (PO205-101c) ID# 0-0U10L2S100) with SMTP id AAA172;
          Mon, 22 Feb 1999 23:48:11 +0100
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding:  quoted-printable
Message-ID:  <00b301be5eb4$3bfccca0$6480e381@home>
Date:         Mon, 22 Feb 1999 23:39:07 +0100
Reply-To: Juan Carlos Garcia Cuartango <cuartangojcat_private>
Sender: Windows NT BugTraq Mailing List <NTBUGTRAQat_private>
From: Juan Carlos Garcia Cuartango <cuartangojcat_private>
Subject:      New IE4 vulnerability : the clipboard again.
To: NTBUGTRAQat_private

Greetings,=20

I have discovered another IE 4 clipboard vulnerability. The clipboard =
content can be made public by a very simple javascript code.
I reported the problem to Microsoft on Feb 10. They confirmed the =
problem. I t seems that they=20
were already aware of the problem and It will be fixed in the next IE 4 =
service pack.
The problem is located in the Internet WebBrowser ActiveX object.
Regards,
Juan Carlos


More info and a demo is available at :
http://pages.whowhere.com/computers/cuartangojc


Regards,


Juan Carlos


--qDbXVdCdHGoSgWSk--

Next message: Frank Miller: "Re: Frontpage extensions under Apache 1.3.4"
Previous message: Crispin Cowan: "Re: Preventing remote OS detection"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:37:19 PDT