Re: Update and comments on the MS02-023 patch, holes still remain

From: Andrew Clover (andat_private)
Date: Fri May 17 2002 - 02:27:37 PDT

Next message: hdlkhaat_private: "*****SPAM***** Hosting Controller still have dangerous bugs!"

Previous message: Chad Loder: "Re: dH team & SECURITY.NNOV: special device access, information leakage and DoS in Outlook Express"
In reply to: Thor Larholm: "Update and comments on the MS02-023 patch, holes still remain"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Thor Larholm <Thorat_private> wrote:

> The above is merely misinformation on their parts. The Restricted Sites Zone
> tries to disable scripting ( a requisite for the dialogArguments
> vulnerability ), but many vulnerabilities allow you to circumvent this
> setting

Even non-vulnerabilities allow it. For example a <meta http-equiv="refresh">
can redirect to a page not within the Restricted Sites zone, and a
<frame> or <iframe> can include content from a non-restricted site.

It is also possible to create an about:<script>...</script> URL, which
injects scripts into the Internet zone. Such URLs cannot be put in the
Restricted Sites zone using the normal IE Security tab. Microsoft have
refused to remove this undocumented behaviour.

So essentially the Restricted Sites feature offers zero security protection
by design. Users should not rely on it to enforce stricter settings than
present in the Internet Zone.

-- 
Andrew Clover
mailto:andat_private
http://and.doxdesk.com/

Next message: hdlkhaat_private: "*****SPAM***** Hosting Controller still have dangerous bugs!"
Previous message: Chad Loder: "Re: dH team & SECURITY.NNOV: special device access, information leakage and DoS in Outlook Express"
In reply to: Thor Larholm: "Update and comments on the MS02-023 patch, holes still remain"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri May 17 2002 - 09:51:44 PDT