Computer Security

Forum
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Multiple bugs in Internet Explorer
updated since 11.09.2003
Published:15.12.2003
Source:BUGTRAQ
SecurityVulns ID:3110
Type:client
Level:7/10
Description:Crossite scripting via Find dialog, location/refresh, NavigateAndFind, file:javascript:, click to drug-n-drop spoofing, src URL spoofing, BaseRef spoofing, etc.
Affected:MICROSOFT : Internet Explorer 5.5
 MICROSOFT : Internet Explorer 6.0
Original documentdocumentLiu Die Yu, Several Things about IE bugs (15.12.2003)
 documentLiu Die Yu, MHTML Redirection Leads to Downloading EXE and Executing (26.11.2003)
 documentLiu Die Yu, HijackClickV2 - a successor of HijackClick attack (26.11.2003)
 documentLiu Die Yu, Cache Disclosure Leads to MYCOMPUTER Zone and Remote Compromise (26.11.2003)
 documentLiu Die Yu, BackToFramedJpu - a successor of BackToJpu attack (26.11.2003)
 documentLiu Die Yu, Note for "Invalid ContentType may disclose cache directory" (26.11.2003)
 documentLiu Die Yu, Invalid ContentType may disclose cache directory (26.11.2003)
 documentLiu Die Yu, New "Clean" IE Remote Compromise (26.11.2003)
 documentLiu Die Yu, IE Remote Compromise by Getting Cache Location (26.11.2003)
 documentLiu Die Yu, Six Step IE Remote Compromise Cache Attack (10.11.2003)
 documentMind Warper, IE 6 XML Patch Bypass (08.10.2003)
 documentMICROSOFT, Microsoft Security Bulletin MS03-040: Cumulative Patch for Internet Explorer (828750) (04.10.2003)
 documentThor Larholm, Liu Die Yu findings verified, details (19.09.2003)
 documentjelmer, [Full-Disclosure] Internet explorer 6 on windows XP allows exection of arbitrary code (12.09.2003)
 documentLiu Die Yu, MSIE->NAFfileJPU (11.09.2003)
 documentLiu Die Yu, MSIE->WsBASEjpu (11.09.2003)
 documentLiu Die Yu, MSIE->WsBASEjpu (11.09.2003)
 documentLiu Die Yu, MSIE->LinkillerSaveRef:another caller-based authorization (11.09.2003)
 documentLiu Die Yu, MSIE->RefBack (11.09.2003)
 documentLiu Die Yu, MSIE->WsFakeSrc (11.09.2003)
 documentLiu Die Yu, MSIE->WsOpenFileJPU (11.09.2003)
 documentLiu Die Yu, MSIE->NAFjpuInHistory (11.09.2003)
 documentLiu Die Yu, MSIE->LinkillerJPU:another caller-based authorization(is broken). (11.09.2003)
 documentLiu Die Yu, MSIE->BackMyParent2:Multi-Thread version (11.09.2003)
 documentLiu Die Yu, MSIE->HijackClick: 1+1=2 (11.09.2003)
 documentLiu Die Yu, MSIE->BodyRefreshLoadsJPU:refresh is a new navigation method (11.09.2003)
 documentLiu Die Yu, MSIE->Findeath: break caller-based authorization (11.09.2003)
Files:LiuDieYu's missing files are here.
Discuss:Read or add your comments to this news (0 comments)

Show Threads
Messages
 
Login:* (Register)
Password:*
(private) To:
(reply) Subject:*
Text:

Main Forum (Eng)

General security questions not appropriate for another forums. 		3proxy Forum (Eng)

All 3proxy question must be posted to this forum. 		Bugs, Vulnerabilities, PoCs and Exploits (Eng)

All vulnerability related questions, vulnerability digging and exploit creation. 		Windows programming and administration (Eng)

Administering Windows and application development. 		Unix programming and administation (Eng)

Administering Unix and application development. 		Test forum

Please post all test messages here. All test messages from different forums will be deteted.
Main Forum (Rus)
 3proxy Forum (Rus)
 Bugs, Vulnerabilities, PoCs and Exploits (Rus)
 Windows programming and administration (Rus)
 Unix programming and administation (Rus)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


Рейтинг@Mail.ru