Microsoft just released Internet Explorer 5.0, but apparently forgot to plug many of the JavaScript security holes documented by Georgi Guninski
7052169274baaf79029a336db336379d20e50e8166700201cf664ced2ae14235Date: Fri, 19 Mar 1999 11:46:01 +0100
From: Most Psychoid <psychoid@GMX.NET>
To: BUGTRAQ@netspace.org
Subject: IE5 - same vulnerabilities, only some fixed
Hello,
The new Microsoft Internet Explorer 5 (I checked Version: 5.00.0910.1309)
still allows Frame Spoofing and reading of local Files as described by
Georgi Guninski (see http://www.whitehats.com/guninski/read.html).
Another new feature named "AutoComplete" stores entries (which also may be
passwords). Just another new source for passwords which had not been saved
in IE 4.x.
The Crash-bugs seem to be removed. I could not crash my default installed
IE 5 using the known exploits.
So far,
psychoid
---
Sent through Global Message Exchange - http://www.gmx.net
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed