| Directory > Computers > Software > Internet > Clients > WWW > Browsers > Microsoft Internet Explorer > Security Privacy Secrets of MicroSoft's Internet Explorer
Security and internet privacy issues of Global Histories, Cookies, and Cache while browsing with
Mac Explorer 5.0
http://phaster.com/unpretentious/browsing_micro$oft.html
Reviews Rating: Not yet Rated
Whois Check
Microsoft Internet Explorer (3.0): Cache Vulnerability
Discusses a vulnerability whereby pages delivered via SSL are left in clear in Explorer's disk
cache and may be (trivially) retrieved by anyone with access to the machine.
http://www.brd.ie/papers/mscache/mscache.html
Reviews Rating: Not yet Rated
Whois Check
IE Clipboard Stealing
"Since Microsoft Internet Explorer ("IE") version 5.0, there has been a way to read
and set the users clipboard text from script, by default, and with no prompting. This can be handy
for web-based applications to do so, but can be used in a malicious way to steal the clipboard
contents if the option is not changed."
http://tom.me.uk/clipboard/
Reviews Rating: Not yet Rated
Whois Check
PivX Solutions: IE Allows Universal Cross Domain Scripting
"The object property of embedded WebBrowser controls is not subject to the Cross Domain
security checks that embedded HTML documents ordinarily go through, and as such it is possible to
escape any sandboxing and security zone restrictions."
http://www.pivx.com/larholm/adv/TL003/
Reviews Rating: Not yet Rated
Whois Check
Retrieving Information on Local Files in IE
Explains how the IMG element's dynsrc attribute can be exploited to test the existence of, find the
size of, find the date last updated/modified of, and the creation date of, an arbitrary local file.
By GreyMagic Security.
http://sec.greymagic.com/adv/gm003-ie/
Reviews Rating: Not yet Rated
Whois Check
Executing Arbitrary Commands Without Active Scripting or ActiveX
Advisory by GreyMagic Security explains how a vulnerability in elements can be exploited with data
binding.
http://sec.greymagic.com/adv/gm001-ie/
Reviews Rating: Not yet Rated
Whois Check
GreyMagic Security: Appendix to "IE allows universal Cross Site Scripting"
Explains how the "ANALYZE.DLG" resource can be manipulated to allow the execution of
arbitrary code in the My Computer" zone.
http://sec.greymagic.com/adv/gm001-ax/
Reviews Rating: Not yet Rated
Whois Check
CNET: Buffer-overflow Bug in IE
"Microsoft is urging users of its Internet Explorer browser to download a patch for a newly
discovered buffer-overflow security bug. The bug takes advantage of the way some versions of the IE
browser handle long strings of JScript code."
http://news.com.com/2100-1001-214620.html
Reviews Rating: Not yet Rated
Whois Check
Microsoft Internet Explorer 4.x 5.x - Frame Loop Vulnerability
Advisory by USSR: "It is possible to create a malicious webpage that when visited by an IE
user all of their system resources are devoured and depending on the system its possible that the
machine can even crash and reboot itself."
http://www.ussrback.com/iehole/
Reviews Rating: Not yet Rated
Whois Check
Unpatched IE Vulnerabilities
Unpatched vulnerabilities, references, and examples
http://www.jscript.dk/unpatched/
Reviews Rating: Not yet Rated
Whois Check
The Register: Three New MS Security Holes - Two Nasty
Includes: MSXML may ignore IE security zone settings during a request for data from a Web site; and
a VBscript problem which allows an attacker to read files on a victim's local drive, or eavesdrop
on his browsing session.
http://www.theregister.co.uk/content/55/24168.html
Reviews Rating: Not yet Rated
Whois Check
The Register: IE, Outlook Run Malicious Commands Without Scripting
An attacker can run arbitrary commands on Windows machines with a simple bit of HTML, an Israeli
security researcher has demonstrated. The exploit will work with IE, Outlook and Outlook Express
even if active scripting and ActiveX are disabled in the browser security settings.
http://www.theregister.co.uk/content/55/24274.html
Reviews Rating: Not yet Rated
Whois Check
The Register: Cumulative IE Patch for Maicious Cookies
A fairly serious flaw in Internet Explorer which would enable a malicious Web page or e-mail to
drop a cookie containing an HTML script on a victim's machine and run it in the 'Local Computer'
zone rather than the Internet zone to avoid restrictions has just been patched.
http://www.theregister.co.uk/content/55/24653.html
Reviews Rating: Not yet Rated
Whois Check
The Register: MS Security Patch Fails on Local Files
The MS patch intended to fix a data binding flaw in IE, which enables a script to call executables
on your Windows machine using the object tag, does not protect against malicious files launched
from a local directory.
http://www.theregister.co.uk/content/55/24667.html
Reviews Rating: Not yet Rated
Whois Check
Wired News: IE Hole Surrenders Your Computer
An attacker can gain control of another user's machine using an HTML-formatted e-mail with an
attachment that contains a small remote-control program. The e-mail can be sent directly to the
victim, or can be placed on a website.
http://www.wired.com/news/technology/0,1282,42750,00.html
Reviews Rating: Not yet Rated
Whois Check
Wired News: IE Hole-Finder in Odd Position
A hacker who discovered a potentially devastating security hole in Microsoft's Internet Explorer
says he has found himself in the undesired position of providing technical support to people who
cannot install the patch that Microsoft released to fix the flaw.
http://www.wired.com/news/technology/0,1282,42798,00.html
Reviews Rating: Not yet Rated
Whois Check
Wired News: IE Bug Can Lead to Strange Search
Describes a security hole which can be exploited to change users' search sites or to serve up
offensive ads.
http://www.wired.com/news/infostructure/0,1377,48177,00.html
Reviews Rating: Not yet Rated
Whois Check
Windows Security Guide: Internet Explorer
Descriptions, and patch information, for vulnerabilities affecting various versions of this
browser.
http://www.winguides.com/security/category.php/5/
Reviews Rating: Not yet Rated
Whois Check
CIAC: Microsoft Internet Explorer-Content Type Falsification (Three Vulnerabilities)
Detailed explanation and workaround of these vulnerabilities affecting I.E 5.5 and 6.
http://www.ciac.org/ciac/bulletins/m-027.shtml
Reviews Rating: Not yet Rated
Whois Check
CERT Advisory: Buffer Overflow in Microsoft Internet Explorer
Provides an overview and solutions to this vulnerability which, theoretically, affects all
applications utilizing the Internet Explorer HTML rendering engine.
http://www.cert.org/advisories/CA-2002-04.html
Reviews Rating: Not yet Rated
Whois Check
Internet Explorer Security Pro
Internet Explorer Security is a utility that customizes aspects of the Internet Explorer Web
browser.
http://www.mybestsoft.com/iesec/index.html
Reviews Rating: Not yet Rated
Whois Check
Microsoft: Q167614 - Update Available For "Frame Spoof" Security Issue
An update that addresses a potential security issue with regard to the use of frames in Internet
Explorer.
http://support.microsoft.com/support/kb/articles/q167/6/14.asp
Reviews Rating: Not yet Rated
Whois Check
Scott Schnoll's Internet Explorer Security
Information on Internet and web browser security as well as Microsoft Internet Explorer security
features and flaws.
http://www.nwnetworks.com/iesc.html
Reviews Rating: Not yet Rated
Whois Check
ActiveBackgrounds
Secure browser and desktop interface for windows.
http://active.ibusinessdot.com
Reviews Rating: Not yet Rated
Whois Check
|
