Microsoft IE userData storeuserData Cookie Privacy Setting Bypass

2002-08-04T00:00:00
ID OSVDB:7848
Type osvdb
Reporter Jelmer(jelmer@kuperus.xs4all.nl)
Modified 2002-08-04T00:00:00

Description

Vulnerability Description

Microsoft IE userData storeuserData function contains a flaw that may allow a malicious user to store persistent data (much like a cookie) on a victim's computer regardless of privacy settings. Therefore, the privacy setting gives the user a false sense of privacy protection against tracking cookie and other such privacy attacks.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): In the "Security" tab in "Internet Options" open "Custom Level". In the new window disable "UserData Persistance".

Short Description

Microsoft IE userData storeuserData function contains a flaw that may allow a malicious user to store persistent data (much like a cookie) on a victim's computer regardless of privacy settings. Therefore, the privacy setting gives the user a false sense of privacy protection against tracking cookie and other such privacy attacks.

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-08/0002.html ISS X-Force ID: 10459 CVE-2002-0832 Bugtraq ID: 5400