G
Guest
After running SCANIT browser security
test(http://bcheck.scanit.be/bcheck/index.php)
the ressult shows 1 Medium Risk Vulnerability.
The sites description is as follows:
---------------------------------------------------------
Microsoft Internet Explorer file:javascript: Cross Domain Scripting
Vulnerability (ldy20030910-01)
Description
This bug allows a web site to read the contents of any file on your
computer. The web site has to know the exact path and name of the file. A
malicious website may also be able to exploit this vulnerability to delete
mail from your webmail account or to spoof trusted websites.
Technical Details
It is possible to inject JavaScript code into Search bar and Media bar in
Internet Explorer using "file:javascript:.." URL. The code will be execurted
in the domain context of the document that was loaded in the bar.
A malicious web site can first open a document from any domain in Search bar
and then execute JavaScript code getting access to the document.
There is a technique that allows injecting JavaScript code into Local
Computer zone using this vulnerability. This allows a malicious web site to
get access to local files and even execute arbitrary code. See "Additional
Information" for details.
Recommendations
We recommend using Windows Update to correct this problem.
-----------------------------------------------------------
'Windows Update' tells me my all mine are current and no new ones available
for download.
I am using WIN XP Pro-SP2, have Java plugin 1.4.2_06 for Windows, and would
appreciate any help with correcting this problem if possible.
Brad
test(http://bcheck.scanit.be/bcheck/index.php)
the ressult shows 1 Medium Risk Vulnerability.
The sites description is as follows:
---------------------------------------------------------
Microsoft Internet Explorer file:javascript: Cross Domain Scripting
Vulnerability (ldy20030910-01)
Description
This bug allows a web site to read the contents of any file on your
computer. The web site has to know the exact path and name of the file. A
malicious website may also be able to exploit this vulnerability to delete
mail from your webmail account or to spoof trusted websites.
Technical Details
It is possible to inject JavaScript code into Search bar and Media bar in
Internet Explorer using "file:javascript:.." URL. The code will be execurted
in the domain context of the document that was loaded in the bar.
A malicious web site can first open a document from any domain in Search bar
and then execute JavaScript code getting access to the document.
There is a technique that allows injecting JavaScript code into Local
Computer zone using this vulnerability. This allows a malicious web site to
get access to local files and even execute arbitrary code. See "Additional
Information" for details.
Recommendations
We recommend using Windows Update to correct this problem.
-----------------------------------------------------------
'Windows Update' tells me my all mine are current and no new ones available
for download.
I am using WIN XP Pro-SP2, have Java plugin 1.4.2_06 for Windows, and would
appreciate any help with correcting this problem if possible.
Brad