[Full-Disclosure] Re: GoogleToolbar:About -- Allows Script Injection
Date: Sat Sep 18 2004 - 22:23:54 EDT
hi,
agreed, but still its possible to conduct remote
attacks on unpatched IE i suppose. Also, if a new flaw
pops up using which we are able to access "res:"
protocol from the internet-zone, well, this is one way
of injecting code into the mycomputer-zone.
well, all i wanted to point out was that there was no
filtering on part of software, to disallow any such
attacks.
rgds,
Viper
--- "Rafel Ivgi, The-Insider" <theinsider@012.net.il>
wrote:
> This is not dangerous from remote, because the
> "res:" protocol is not
> accessible by internet zone. You must to find a way
> to access "res:" from
> remote, otherwise it means nothing. As for local
> zone, you can ran scripts
> in mycomputer zone.
>
>
> Rafel Ivgi, The-Insider
> Security Consultant, Finjan.com
>
________________________________________________________________________
Yahoo! India Matrimony: Find your life partner online
Go to: http://yahoo.shaadi.com/india-matrimony
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Received on Sun Sep 19 11:48:25 2004
This archive was generated by hypermail 2.1.8 : Sun Sep 19 2004 - 12:09:13 EDT
