Spyware Warrior Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 
FAQ :: Search :: Memberlist :: Usergroups :: Register
Profile :: Log in to check your private messages :: Log in

MSIE 5 and 6 FTP vulnerability (updated)

 
Post new topic   Reply to topic    Spyware Warrior Forum Index -> Security Notices & News
View previous topic :: View next topic  
Author Message
quietman7
Warrior Addict


Joined: 20 Dec 2004
Last Visit: 28 Mar 2012
Posts: 768
Location: Virginia, USA

PostPosted: Mon Apr 21, 2008 5:15 am    Post subject: MSIE 5 and 6 FTP vulnerability (updated) Reply with quote

Quote:
The many out there still using older versions of MSIE (such as Internet Explorer 5 or 6), might well be interested in two new vulnerabilities discovered and made public today on full disclosure.

It looks somewhat like a Cross Site Request Forgery (CSRF) attack: A malicious URL you (somehow) hit. It can be unintentional on the user's part through e.g. an injected iframe on a forum. The URL tells the client to contact another server and does some bad things there that the user never intended, but had the authorization to do. The twist in this case is that the second hit doing damage can also be a FTP request, not just a HTTP request....

http://isc.sans.org/diary.html?storyid=4126
_________________
Microsoft MVP - Consumer Security 2007-2012
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Spyware Warrior Forum Index -> Security Notices & News All times are GMT - 8 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group