Je hebt een klacht over de onderstaande posting:
Bugtraq post van 28 maart http://www.securityfocus.com/archive/1/358913/2004-03-28/2004-04-03/0 1)Description: ================== There exists a security issue with the way the ms-its(its) and mk:@MSITStore:protocol handlers become available to internet explorer after *.chm files that are functional outside help and support center are initiated using showhelp() , when this happens internet explorer is capable of accessing thosefiles using ms- its(its) or mk:@MSITStore: protocol handlers , the nature of these files makes this matter dangerous to the users . The pages that becomeavailable to IE using ms-its or mk:@MSITStore: p-handlers are only those thatof the chm file opened using showhelp() however this can be bypassed using the restriction bypass vulnerability previously reported by Arman Nayyeri. I must point out that the ms-its: and mk:@MSITStore: protocol handlers are also available to IE when no chm file has been opened but to access these ...
Beschrijf je klacht (Optioneel):