Back to list
Re: Phishing using IE7 local resource vulnerability
Mar 15 2007 03:12PM
robert everythingeverything co uk
RE: Phishing using IE7 local resource vulnerability
Mar 15 2007 06:50PM
avivra (avivra gmail com)
Protected Mode and UAC are different security features.
But even though, it is possible to access local resource ("res://") links
with Protected Mode and UAC features enabled. You can test it yourself here:
http://www.raffon.net/research/ms/ie/navcancl/cnn.html or watch the demo
video here: http://raffon.net/videos/ie7navcancl.wmv.
The only way to mitigate this vulnerability by an out-of-the-box security
feature is to set the security level of the "Internet Zone" to "High". This
"Refresh the page." link in the navcancl.htm local resource page.
But, I doubt anyone will do that when they can simply just avoid clicking
any link in the "Navigation Canceled" page.
From: robert (at) everythingeverything.co (dot) uk [email concealed]
[mailto:robert (at) everythingeverything.co (dot) uk [email concealed]]
Sent: Thursday, March 15, 2007 5:13 PM
To: bugtraq (at) securityfocus (dot) com [email concealed]
Subject: Re: Phishing using IE7 local resource vulnerability
This appears to be mitigated in Vista by Protected Mode, which is on by
default, and denies access to local resources. If people decide to disable
UAC, they must accept the potential risks that come with it, such as this
XSS attack. I appreciate that this is a valid risk for XP.
[ reply ]
Copyright 2010, SecurityFocus