Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Multiple Vulnerabilities in Pocket IE

from [kers0r] Network Security [Permanent Link]
Subject: Multiple Vulnerabilities in Pocket IE
Date: 27 Jan 2005 04:02:52 -0000 


Multiple Vulnerabilities in Pocket IE 
--------------------------------------

Pocket IE Attack Overview:

There are several weaknesses in Pocket IE that can be used to trick end users 
into submitting local and/or sensitive data, such as usernames and passwords. 
The potential for exploiting these vulnerabilities are restricted only by an 
attacker&#8217;s imagination. However, Pocket IE is not as powerful as its big 
brother, and as such, an attacker is limited in what techniques she can use to 
launch the attack. For example, Pocket IE has no support for the IFrame tag, 
which is extremely useful in XSS and browser-based attacks. In addition, Pocket 
IE does not support every JavaScript command commonly used by attackers. The 
final example presented is an attempt to combine these individual flaws into 
one attack and is only meant to serve as a proof of concept.

To view the examples and a detailed write up please point your browser to the 
following link
http://www.airscanner.com/tests/ie_flaw/ie_attack.htm

Credit: Seth Fogie
http://www.airscanner.com
Airscanner Research Labs
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Multiple Vulnerabilities in Pocket IE, kers0r <=
Previous by Date:  MDKSA-2005:021 - Updated tetex packages fix buffer overflow vulnerability, Mandrake Linux Security Team
Next by Date:  Re: List of all admin accounts in phpBB, Aaron Klein
Previous by Thread:  MDKSA-2005:021 - Updated tetex packages fix buffer overflow vulnerability, Mandrake Linux Security Team
Next by Thread:  [CLA-2005:923] Conectiva Security Announcement - squid, Conectiva Updates
Indexes:  [Date] [Thread] [Top] [All Lists]