>Georgi Guninski security advisory #71, 2004 >http://www.guninski.com/where_do_you_want_billg_to_go_today_1.html
.. snip .. >By opening html in IE it is possible to read at least well formed xml from >arbitrary servers. The info then may be transmitted. GreyMagic disclosed the EXACT same issue on August 2002, over two years ago. Microsoft, at the time, took over 6 months to resolve the issue (initially reported to them on Feb 2002) and eventually released a patch (MS02-047). See http://www.greymagic.com/security/advisories/gm009-ie/ for more details and a live PoC (it also shows a neat method to get partial content from documents that aren't well-formed xml). That said, all our tests of this issue currently throw an "Access denied" exception, as they properly should. However, these tests are performed in the Internet Zone. Your tests might have been performed in another zone that had "Access data sources across domains" set to "Enabled," which would enable this vulnerability by design. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
