RE: Vulnerable cached objects in IE (9 advisories in 1)

From: Thor Larholm (Thorat_private)
Date: Wed Oct 23 2002 - 02:13:57 PDT

Next message: Eric L. Howard: "does Xandros have anyone answering the security phone?"

Previous message: Tamer Sahin: "[SecurityOffice] Web Server 4 Everyone v1.28 Host Field Denial of Service Vulnerability"
Maybe in reply to: GreyMagic Software: "Vulnerable cached objects in IE (9 advisories in 1)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> From: jelmer [mailto:jkuperusat_private]
> The external method flaw also seems to affects my ie6 sp1 browser

I can confirm this as well, together with the clipboardData method flaw.

It's a surprise that Microsoft didn't fix this globally in SP1, instead of
applying checks to each individual method and object. At first, I assumed
they had made a generic fix, but with this in the open it is clear that they
only patched specifics and that there will be many more vulnerabilities in
the method/object caching category.



Regards
Thor Larholm

Next message: Eric L. Howard: "does Xandros have anyone answering the security phone?"
Previous message: Tamer Sahin: "[SecurityOffice] Web Server 4 Everyone v1.28 Host Field Denial of Service Vulnerability"
Maybe in reply to: GreyMagic Software: "Vulnerable cached objects in IE (9 advisories in 1)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Oct 23 2002 - 08:43:34 PDT