Your Ad Here Your Ad Here
Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: New Ie Vulnerability

  1. #1
    :helpsmile:

    Vulnerability in Internet Explorer ITS Protocol Handler

    There is a cross-domain scripting vulnerability in the way ITS protocol handlers determine the security domain of an HTML component stored in a Compiled HTML Help (CHM) file. The HTML Help system "...uses the underlying components of Microsoft Internet Explorer to display help content. It supports HTML, ActiveX, Java, [and] scripting languages (JScript, and Microsoft Visual Basic Scripting Edition)." CHM files use the InfoTech Storage (ITS) format to store components such as HTML files, graphic files, and ActiveX objects. IE provides several protocol handlers that can access ITS files and individual CHM components: its:, ms-its:, ms-itss:, and mkMSITStore:. IE also has the ability to access parts of MIME Encapsulation of Aggregate HTML Documents (MHTML) using the mhtml: protocol handler.

    When IE references an inaccessible or non-existent MHTML file using the ITS and mhtml: protocols, the ITS protocol handlers can access a CHM file from an alternate source. IE incorrectly treats the CHM file as if it were in the same domain as the unavailable MHTML file. Using a specially crafted URL, an attacker can cause arbitrary script in a CHM file to be executed in a different domain, violating the cross-domain security model.
    News source

  2. Software & Hardware   -   #2
    muchspl2
    Guest
    no patch yet and it doesn't matter if you use modzilla or firefox
    doesn't matter what browser you use

  3. Software & Hardware   -   #3
    Poster
    Join Date
    Jan 2003
    Posts
    908
    That's cute.

  4. Software & Hardware   -   #4
    shn's Avatar 3μ|\|(7
    Join Date
    May 2003
    Posts
    3,585
    I knew there was a reason why my *nix box would'nt open the KL FAQ.

    I'm such a n00b.

  5. Software & Hardware   -   #5
    Poster
    Join Date
    Jan 2003
    Posts
    908
    Originally posted by shn@9 April 2004 - 07:54
    I knew there was a reason why my *nix box would'nt open the KL FAQ.

    I'm such a n00b.
    What a n00b!

    j/k!

  6. Software & Hardware   -   #6
    no patch yet and it doesn't matter if you use modzilla or firefox


    Wait - I can ignore it when I use Firefox, or I'm skewered whatever I use ?

  7. Software & Hardware   -   #7
    shn's Avatar 3μ|\|(7
    Join Date
    May 2003
    Posts
    3,585
    Originally posted by fred devliegher@9 April 2004 - 09:38
    no patch yet and it doesn't matter if you use modzilla or firefox


    Wait - I can ignore it when I use Firefox, or I'm skewered whatever I use ?
    Your Screwed!


  8. Software & Hardware   -   #8
    Poster
    Join Date
    Aug 2003
    Location
    Burmoda triangle, right behind you!
    Posts
    571
    I heard about this one some time ago in the lounge( or talk clube or whatever).
    All firewalls, security softwre, and antiviruses can't help ya now, so it all depends ont he dumb ass sitting on the computer
    Click the longhorn icon to visit my website.
    <span style='color:blue'><span style='font-size:8pt;line-height:100%'> You try Everything in my/our post(s) at YOUR own risk. I/we do not take responsibily for damages, caused by the post(s). Clicking on/or modifying anything in here is not permitted. Whoever edits my sig is a pussy.</span></span>

    ::::::::::::::::::::::::::::::::::::::::

  9. Software & Hardware   -   #9
    shn's Avatar 3μ|\|(7
    Join Date
    May 2003
    Posts
    3,585
    Your google toolbars have been owned too. Not too many people think about updating it.......especially when they use ie.

    copy and paste this in google.

    CAN-2002-1442

    check your version.

  10. Software & Hardware   -   #10
    It&#39;s a neverending battle.
    What does the google toolbar do again?

    -- Xero Grid --
    <span style='color:green'>Supertrick XG Forums</span> | Supertrick XG - Your solution to ads, pop-ups, malicious code, and the rest of the garbage just floating around the web.

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •