20 matches found
EUVD-2000-0265
Malware in sbrugna...
Microsoft Internet Explorer 5.0.1 Invalid Byte Cross-Frame Access Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/197/info On January 28, 1999, Georgi Guninski originally reported a vulnerability in Internet Explorer 4.x. Internet Explorer 4.x's implentation of Cross-frame security could be bypassed if %01 is appended to an arbitrary...
IE 5.5 Cross Frame security vulnerability - Web Browser Control's Navigate method
Georgi Guninski security advisory 20, 2000 IE 5.5 Cross Frame security vulnerability - Web Browser Control's Navigate method Systems affected: IE 5.5/Win98. Probably other versions - have not tested. Risk: High Date: 4 September 2000 Legal Notice: This Advisory is Copyright c 2000 Georgi Guninski...
CVE-2000-0503
The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows a remote attacker to violate the cross frame security policy via the NavigateComplete2 event...
ie-iframe.txt
Georgi Guninski security advisory 12, 2000 IE 5 Cross-frame security vulnerability using IFRAME and WebBrowser control Disclaimer: The opinions expressed in this advisory and program are my own and not of any company. The usual standard disclaimer applies, especially the fact that Georgi Guninski...
CVE-2000-0503
The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows a remote attacker to violate the cross frame security policy via the NavigateComplete2 event...
CVE-2000-0266
The CVE-2000-0266 entry describes a vulnerability in Internet Explorer 5.01 where a malicious applet can bypass the cross-frame security policy by interacting with the Java JSObject to modify DOM properties, allowing an IFRAME to load an arbitrary JavaScript URL. This reveals a client-side cross-...
IE 5 security vulnerablity - circumventing Cross-frame security policy using Java/JavaScript (and disabling Active Scripting is not that easy)
Georgi Guninski security advisory 10, 2000 IE 5 security vulnerablity - circumventing Cross-frame security policy using Java/JavaScript and disabling Active Scripting is not that easy Disclaimer: The opinions expressed in this advisory and program are my own and not of any company. The usual...
CVE-2000-0266
Internet Explorer 5.01 allows remote attackers to bypass the cross frame security policy via a malicious applet that interacts with the Java JSObject to modify the DOM properties to set the IFRAME to an arbitrary Javascript URL...
CVE-2000-0028
Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function...
ie5.cross-frame.txt
Georgi Guninski security advisory 4, 2000 IE 5 security vulnerablity - circumventing Cross-frame security policy and accessing the DOM of "old" documents. Disclaimer: The opinions expressed in this advisory and program are my own and not of any company. The usual standard disclaimer applies,...
CVE-1999-0871
Internet Explorer 4.0 and 4.01 allow a remote attacker to read files via IE's cross frame security, aka the "Cross Frame Navigate" vulnerability...
CVE-2000-0028
Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function...
PT-1999-1837 · Microsoft · Internet Explorer
Name of the Vulnerable Software and Affected Versions: Internet Explorer versions 5.0 through 5.01 Description: The issue allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function. Recommendations: For Internet Explorer versions 5.0...
msie4-autoexec.bat-tdc.txt
Guninski's IE 4 reading AUTOEXEC.BAT. There is a bug in Internet Explorer 4.x patched which allows reading local files and sending them to an arbitrary server. The problem is: if you add '%01someURL' after the an about: URL, IE thinks that the document is loaded from the domain of 'someURL'. This...
msie4.01-window-spoof.txt
Guninski's IE 4 window spoofing. http://www.geocities.com/ResearchTriangle/1711/read4.html There is a bug in Internet Explorer 4.01 patched which allows "window spoofing". The problem is: if you add '%01someURL' after the URL, IE thinks that the document is loaded from the domain of 'someURL'. Th...
msie.5.0-0.001.percent.txt
Date: Fri, 9 Apr 1999 07:15:12 +0300 From: Georgi Guninski To: [email protected] Subject: IE 5.0 security vulnerabilities - %01 bug again There is a security bug in Internet Explorer 5.0 which circumvents "Cross-frame security" and opens several security holes. This is a modification of the "%...
Microsoft Internet Explorer 4/5 - DHTML Edit ActiveX Control File Stealing / Cross Frame Access
source: https://www.securityfocus.com/bid/116/info Vulnerabilities in an ActiveX control distributed with Internet Explorer 5 and available for Internet Explorer 4 allow malicous web sites to steal local files and to bypass cross-frame security rules. The DHTML Edit Control Safe for Scripting...
Microsoft Internet Explorer 5.0.1 - Invalid Byte Cross-Frame Access
Microsoft Internet Explorer 5.0.1 - Invalid Byte Cross-Frame Access source: https://www.securityfocus.com/bid/197/info On January 28, 1999, Georgi Guninski originally reported a vulnerability in Internet Explorer 4.x. Internet Explorer 4.x's implentation of Cross-frame security could be bypassed ...
CVE-1999-0871
Internet Explorer 4.0 and 4.01 allow a remote attacker to read files via IE's cross frame security, aka the "Cross Frame Navigate" vulnerability...