Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security VulnWatch
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-Disclosure] Re: GoogleToolbar:About -- Allows Script Injection

from [ViPeR] Network Security [Permanent Link]
Subject: [Full-Disclosure] Re: GoogleToolbar:About -- Allows Script Injection
Date: Sun, 19 Sep 2004 03:23:54 +0100 (BST) 
hi,

agreed, but still its possible to conduct remote
attacks on unpatched IE i suppose. Also, if a new flaw
pops up using which we are able to access "res:"
protocol from the internet-zone, well, this is one way
of injecting code into the mycomputer-zone.

well, all i wanted to point out was that there was no
filtering on part of software, to disallow any such
attacks.

rgds,
Viper

 --- "Rafel Ivgi, The-Insider" <theinsider@012.net.il>
wrote: 

This is not dangerous from remote, because the
"res:" protocol is not
accessible by internet zone. You must to find a way
to access  "res:" from
remote, otherwise it means nothing. As for local
zone, you can ran scripts
in mycomputer zone.


Rafel Ivgi, The-Insider
Security Consultant, Finjan.com
 


________________________________________________________________________
Yahoo! India Matrimony: Find your life partner online
Go to: http://yahoo.shaadi.com/india-matrimony

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-Disclosure] Re: GoogleToolbar:About -- Allows Script Injection, ViPeR <=
Previous by Date:  [Full-Disclosure] Re: GoogleToolbar:About -- Allows Script Injection, Liu Die Yu
Next by Date:  [Full-Disclosure] RE: [SPAM] - Re: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access - Email found in subject, Michael Scheidell
Previous by Thread:  GoogleToolbar:About -- Allows Script Injection, ViPeR
Next by Thread:  [Full-Disclosure] RE: [SPAM] - Re: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access - Email found in subject, Michael Scheidell
Indexes:  [Date] [Thread] [Top] [All Lists]