List:       secunia-sec-adv
Subject:    [SA19057] Internet Explorer Iframe Folder Deletion Weakness
From:       Secunia Security Advisories <sec-adv () secunia ! com>
Date:       2006-02-28 14:02:04
Message-ID: 20060228140204.28707.qmail () secunia ! com

TITLE:
Internet Explorer Iframe Folder Deletion Weakness

SECUNIA ADVISORY ID:
SA19057

VERIFY ADVISORY:
http://secunia.com/advisories/19057/

CRITICAL:
Not critical

IMPACT:
Manipulation of data

WHERE:
From remote

SOFTWARE:
Microsoft Internet Explorer 6.x
http://secunia.com/product/11/

DESCRIPTION:
cyber flash has discovered a weakness in Internet Explorer, which can
be exploited by malicious people to trick users into deleting local
folders.

The problem is that network shares can be included in an iframe where
only certain parts of the content are visible to the user. This can be
exploited, for example, to trick users into deleting local folders via
an iframe referencing "\\127.0.0.1\c$\".

Successful exploitation requires that the user selects a folder icon,
presses the delete key, and accepts a "Folder Delete" dialog.

The weakness has been confirmed on a fully patched system with
Internet Explorer 6.0 and Microsoft Windows XP SP2.

SOLUTION:
Do not accept suspicious "Folder Delete" dialogs when visiting
untrusted web sites.
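
Added example (not part of the Secunia advisory): a content-filter check
that flags frames whose source is a network share or local file rather
than a web URL. The names classify and audit, the verdict labels, and the
sample markup and host names are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Added example: names, verdict labels and SAMPLE are constructed for illustration.
LOOPBACK = re.compile(r"^(localhost|127(\.\d{1,3}){3}|\[::1\])$", re.I)
ADMIN_SHARE = re.compile(r"^([a-z]|admin|ipc)\$$", re.I)  # C$, ADMIN$, IPC$

def classify(src):
    """Return a verdict for a frame source, or None for ordinary web URLs."""
    s = unquote(src.strip())                 # decode %24 -> $ before matching
    if s.lower().startswith("file:"):
        s = s[5:]
    elif not s.startswith("\\\\"):
        return None                          # http(s), relative or //host/ URL
    m = re.match(r"/{2,}([^/]+)/*([^/]*)", s.replace("\\", "/"))
    if not m or m.group(1).endswith(":"):    # file:///C:/... has no host part
        return "local-file"
    host, share = m.groups()
    if LOOPBACK.match(host) and ADMIN_SHARE.match(share):
        return "loopback-admin-share"        # the case this advisory describes
    return "unc-share"

class FrameAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):   # tag and attribute names arrive lowercased
        if tag in ("iframe", "frame"):
            src = dict(attrs).get("src") or ""
            verdict = classify(src)
            if verdict:
                self.findings.append((self.getpos()[0], verdict, src))

def audit(html):
    """Return (line, verdict, src) for every suspicious frame in the markup."""
    parser = FrameAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

SAMPLE = r'''<html><body>
<iframe src="https://example.com/news"></iframe>
<iframe src="//cdn.example.com/embed"></iframe>
<iframe src="\\127.0.0.1\c$\"></iframe>
<IFRAME SRC="file://localhost/C%24/"></IFRAME>
<iframe src="\\fileserver\public\"></iframe>
</body></html>'''

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```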

PROVIDED AND/OR DISCOVERED BY:
cyber flash

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------