Microsoft IE XHTML Formatted Comment User Confirmation Bypass

2004-09-15T23:46:09
ID OSVDB:15223
Type osvdb
Reporter Cyrille SZYMANSKI()
Modified 2004-09-15T23:46:09

Description

Vulnerability Description

By inserting a crafted comment line in a web page, IE 6 believes that the page was previously saved locally and bypasses the protection against downloading javascript & activex provided by the information bar.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

By inserting a crafted comment line in a web page, IE 6 believes that the page was previously saved locally and bypasses the protection against downloading javascript & activex provided by the information bar.

Manual Testing Notes

Include the following line in a web page :

<!-- saved from usr=(XXXX)URL -->

Replacing URL with a complete url ( http://www.blah.com )

Replacing XXXX with a 4 digit number equal to the number of characters in the url ( 19 )

<!-- saved from usr=(0019) http://www.blah.com -->

References:

Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=109539520310153&w=2 CVE-2004-1686 Bugtraq ID: 11200