BugTraq
Back to list
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
Re: Internet Explorer and Opera local zone restriction bypass
Oct 27 2003 08:32PM
Andreas Sandblad (sandblad acc umu se)
Hi Mindwarper.
It seems you can actually get it to work without pressing refresh and
without knowing the username (at least on my fully patched win2000 pro
machine).
How? Remember the vulnerability
"Microsoft Internet Explorer %USERPROFILE% Folder Disclosure Vuln."
http://msgs.securepoint.com/cgi-...
[ more ]
Privacy Statement
Copyright 2010, SecurityFocus
It seems you can actually get it to work without pressing refresh and
without knowing the username (at least on my fully patched win2000 pro
machine).
How? Remember the vulnerability
"Microsoft Internet Explorer %USERPROFILE% Folder Disclosure Vuln."
http://msgs.securepoint.com/cgi-...
[ more ]