 SUMwarePremium join:2002-05-21 kudos:2 | reply to ilago
Internet Explorer Vulnerability

Great read. Thanks.
Is the following fixed yet?
From the above linked pdf: »www.cs.washington.edu/research/s···2008.pdf

quote:
Internet Explorer Vulnerability. IE injects a "Mark of the Web" into pages that it saves to disk, consisting of an HTML comment with the page's URL [28]. This comment is vulnerable to similar attacks as Ad Muncher and Proxomitron [We reported these vulnerabilities to the developers of Ad Muncher and the Proxomitron filter sets, who have released fixes for the vulnerabilities.], but the injected scripts only run if the page is loaded from disk. In this context, the injected scripts have no access to cookies or the originating server, only the content on the page itself. This vulnerability was originally reported to Microsoft by David Vaartjes in 2006, but no fix is yet available [37].

[28] Microsoft Developer Network. Mark of the Web. »msdn2.microsoft.com/en-us/librar···628.aspx, Oct. 2007.
[37] D. Vaartjes. XSS via IE MOTW feature. »securityvulns.com/Rdocument866.html, Aug. 2007.