There were not a lot of details in your post, so I will try to verify and clarify your
findings. First things first, this is not a problem with Microsoft's Internet Explorer,
but with Macromedia and their Flash player.
I could reproduce this issue successfully with a fresh install of the latest Fl
Thor Larholm <[EMAIL PROTECTED]> wrote:
> ... this is not a problem with Microsoft's Internet Explorer, but ...
> There are two completely new issues at hand here.
> The second issue is that IE ... inadvertently redirects to a local file ...
> Content-Location: file:///c:/somefile.html
> ... circum
try this ...
it's damn strange to see WINXP LOGOFF WITHOUT ASKING MY PERMISSION
file://c:\windows\system32\logoff.exe
_
Secure mail ---> http://www.blackcode.com
___
Full-Disclosure - We beli
William A. Schulze <[EMAIL PROTECTED]> wrote in
http://www.securityfocus.com/archive/1/342910 :
> ... Flash Player stores cookies in a somewhat predictable location
> (assuming the username can be guessed), and some of the contents are
> stored as plain text. While this is not in itself a directly
Thor Larholm <[EMAIL PROTECTED]> wrote:
>> Storing in an unpredictable location might help.
>> Obfuscation does not: instead of setting a cookie
>> of BadThing, the attacker could set one that will
>> become BadThing. The need to reverse-engineer the
>> obfuscation, and details like possible chara
> From: Paul Szabo [mailto:[EMAIL PROTECTED]
> Storing in an unpredictable location might help.
> Obfuscation does not: instead of setting a cookie
> of BadThing, the attacker could set one that will
> become BadThing. The need to reverse-engineer the
> obfuscation, and details like possible c
ke [mailto:[EMAIL PROTECTED]
Sent: Thu 10/30/2003 5:04 PM
To: Thor Larholm; Paul Szabo; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL
PROTECTED]
Cc:
Subject: RE: [Full-Disclosure] RE: Internet Explorer and Opera local zone
restriction bypass
On Thu, 30 Oct 2003 14:30:00 PST, Thor Larholm <[EMAIL PROTECTED]> said:
> Flash can remove the first and latter, and there is absolutely no
> reverse-engineering that will convince IE to render a BASE-64 encoded
> string as HTML.
This is the same IE that's been known to render a frikking *JPEG* as
<[EMAIL PROTECTED]>
Sent: Saturday, October 25, 2003 6:54 AM
Subject: [Full-Disclosure] RE: Internet Explorer and Opera local zone
restriction bypass
> There were not a lot of details in your post, so I will try to verify and
clarify your findings. First things first, this is not a problem wi
On Wed, 2003-10-29 at 14:29, Bipin Gautam wrote:
> try this ...
>
> it's damn strange to see WINXP LOGOFF WITHOUT ASKING MY PERMISSION
>
> file://c:\windows\system32\logoff.exe
please, please stfu already about you playing with your technical self
and running stuff in winxp/system32. No one wants
To: <[EMAIL PROTECTED]>
Sent: Wednesday, October 29, 2003 3:29 PM
Subject: [Full-Disclosure] Re: Internet Explorer and Opera local zone
restriction bypass
> try this ...
>
> it's damn strange to see WINXP LOGOFF WITHOUT ASKING MY PERMISSION
>
ether this has any bearing
on the exact issue with Flash, but it might be worth considering.
Jerry
-Original Message-
From: Thor Larholm [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 30, 2003 4:30 PM
To: Paul Szabo; [EMAIL PROTECTED];
[EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: [Fu