TUCoPS :: Browsers :: hack2913.htm

Regression in IE: Accessing remote/local content in IE (GM#009-IE)
Regression in IE: Accessing remote/local content in IE (GM#009-IE)

For further information on the regression itself see "Solution" section.

GreyMagic Security Advisory GM#009-IE
=====================================

By GreyMagic Software, 23 Aug 2002, 12 Oct 2004. 

Available in HTML format at
http://www.greymagic.com/security/advisories/gm009-ie/. 

Topic: Accessing remote/local content in IE.

Discovery date: 18 Feb 2002.

Affected applications: 
======================

All tested versions of Microsoft Internet Explorer (IE5+); prior versions
may be vulnerable as well. 

Note that any other application that uses Internet Explorer's engine
(WebBrowser control) is affected as well (Outlook, MSN Explorer, etc.). 


Introduction: 
=============

Back in 1997, when Internet Explorer 4 was first released, XML was just
starting to become popular. The popularity of XML prompted Microsoft to
devise the early prototype of XML data-islands, using the 



Solution: 
=========

Microsoft was first informed on 18 Feb 2002, a patch was finally released on
22 Aug 2002 after a long investigation and testing period. 

The patch may be downloaded from:
http://www.microsoft.com/technet/security/bulletin/ms02-047.asp. 

** Update - 9 Oct 2004 **

There has been a regression in Internet Explorer that causes it to be
vulnerable to this issue once again. The regression was spotted by Georgi
Guninski in an advisory from 7-Oct-2004
(http://www.guninski.com/where_do_you_want_billg_to_go_today_1.ht ml). 

Interestingly enough, the regression is only visible when the