SANS: Two new Internet Explorer vulnerabilities disclosed including PoC

Two vulnerabilities in Internet Explorer were published yesterday to the Full Disclosure mailing list along with their associated PoC code.

A critically rated IE vulnerability in the use of HTA applications (CLSID 3050f4d8-98B5-11CF-BB82-00AA00BDCE0B) to trick a user into opening a file by double clicking it....The second vulnerability is related to the handling of the object.documentElement.outerHTML property. The abuse of this property will allow an attacker to retrieve remote content in the context of the web page which is being currently viewed by the user. SANS - Internet Storm Center - Cooperative Cyber Threat Monitor And Alert System

Linked by shanmuga Wednesday, 28th June 2006 3:37AM