[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: Note for "Invalid ContentType may disclose cache directory"
From: Liu Die Yu <liudieyuinchina () yahoo ! com ! cn>
Date: 2003-11-25 10:06:21
[Download RAW message or body]
Note for "Invalid ContentType may disclose cache directory"
This vulnerability("Invalid ContentType may disclose cache directory") doesn't work \
on all systems. ("Invalid ContentType may disclose cache directory", at \
http://www.safecenter.net/UMBRELLAWEBV4/threadid10008/) Please note that execdror6 \
and LocalZoneInCache also depends on this vulnerability. (execdror6: \
http://www.safecenter.net/UMBRELLAWEBV4/execdror6/
LocalZoneInCache: http://www.safecenter.net/UMBRELLAWEBV4/LocalZoneInCache/)
I have spent extra-ordinary time on this issue and here is all i know about it:
First, The code was verified to work on a WinXp system(Simplified Chinese version) \
with all patches. Then, I sent LocalZoneInCache to HTTP-EQUIV, Dror Shalev and the \
Pull for testing: It works on Dror Shalev's WinXp machine(up-to-date) but it doesn't \
work on the Pull's Win2k system. (because he set killbit for Adodb.Stream activeX \
object.) Soon after that, HTTP-EQUIV found it does not work on his WinXp system(2-3 \
weeks old, with the latest IE patch). Then, to figure out what happened, i formatted \
disk and installed Win2k3 and WinXp(both Simplified Chinese version) and then applied \
the latest IE patch. Both remote compromise cases(LocalZoneInCache and execdror6) \
don't work any more. At last, i reproduced both remote compromise cases on MSIEv6 \
running on Simplified Chinese WinXp with the following patches: \
SP1;Q828750;Q330994;Q824145(a.k.a MS03-048)
If you are using IE, please help me test it and send the result directly to my \
emailbox. Thanx in advance.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic