GreyMagic Internet Explorer Security Research
- GM#015-IE: File Selection May Lead to Command Execution.
Vulnerability: Malformed files are able to execute arbitrary commands when selected.
Date: 19-Apr-2005.
Status: Open.
- GM#014-IE: Script Injection to Custom HTTP Errors in Local Zone.
Vulnerability: Attackers may exploit a flawed function in internal resources.
Date: 17-Jun-2003.
Status: Open.
- GM#013-IE: Cross-Site Scripting in Unparsable XML Files.
Vulnerability: Any XML file that cannot be parsed poses a risk of Cross-Site Scripting.
Date: 17-Jun-2003.
Status: Patched by IE6 SP1.
- GM#012-IE: Vulnerable cached objects in IE (9 advisories in 1).
Vulnerability: Nine critical vulnerabilities using cached objects.
Date: 22-Oct-2002.
Status: Patched by various releases.
- GM#011-IE: Internet Explorer : The D-Day.
Vulnerability: A vulnerability in an undocumented property in IE.
Date: 15-Oct-2002.
Status: Patched by MS02-066.
- GM#010-IE: Who framed Internet Explorer.
Vulnerability: A critical vulnerability in the way frames are handled by IE.
Date: 09-Sep-2002.
Status: Patched by MS02-066.
- GM#009-IE: Accessing remote/local content in IE.
Vulnerability: A vulnerability in deprecated XML data-islands may disclose sensitive data.
Date: 23-Aug-2002.
Status: Patched by MS02-047.
- GM#008-IE: Multiple local files detection issues with OWC in IE.
Vulnerability: Certain features in OWC can lead to file existence disclosure.
Date: 08-Apr-2002.
Status: Patched by MS02-044.
- GM#007-IE: Controlling the clipboard with OWC in IE.
Vulnerability: OWC delivers methods to control copy and paste operations.
Date: 08-Apr-2002.
Status: Patched by MS02-044.
- GM#006-IE: Reading local files with OWC in IE.
Vulnerability: A redirection vulnerability in an OWC method allows read access to any local file.
Date: 08-Apr-2002.
Status: Patched by MS02-044.
- GM#005-IE: Scripting for the scriptless with OWC in IE.
Vulnerability: A new OWC10 feature can be used to enable scripting when it's disabled.
Date: 08-Apr-2002.
Status: Patched by MS02-044.
- GM#004-IE: Reading portions of local files, depending on structure.
Vulnerability: Cascading Style Sheets can expose portions of local files.
Date: 02-Apr-2002.
Status: Patched by MS02-023.
- GM#003-IE: Retrieving information on local files in IE.
Vulnerability: The image element can disclose sensitive information.
Date: 27-Mar-2002.
Status: Patched.
- GM#002-IE: Automatically opening IE + Executing attachments.
Vulnerability: A vulnerability in HTML+TIME (SMIL) allows IE to be launched automatically.
Date: 22-Mar-2002.
Status: Patched by IE6 SP1.
- GM#001-IE: Executing arbitrary commands without Active Scripting or ActiveX.
Vulnerability: A vulnerability in <object> elements can be exploited with data binding.
Date: 27-Feb-2002.
Status: Patched by MS02-015.
GreyMagic Opera Security Research
- GM#009-OP: Opera Local File/Directory Detection.
Vulnerability: Opera discloses whether local resources exist.
Date: 17-Aug-2004.
Status: Patched in Opera 7.54.
- GM#008-OP: Location, Location, Location.
Vulnerability: Opera fails to block write access to location object.
Date: 05-Aug-2004.
Status: Patched in Opera 7.54.
- GM#007-OP: Phishing for Opera.
Vulnerability: Opera may be fooled into displaying a fake address.
Date: 03-Jun-2004.
Status: Patched in Opera 7.51.
- GM#006-OP: Sniffing Opera's Tracks.
Vulnerability: Opera permits indirect access to a list of URLs visited by the user in the current session.
Date: 04-Feb-2003.
Status: Patched in Opera 7.01.
- GM#005-OP: Opera: What's Next.
Vulnerability: Opera exposes the last and next URLs in the browser's history.
Date: 04-Feb-2003.
Status: Patched in Opera 7.01.
- GM#004-OP: Opera Images.
Vulnerability: Opera fails to format input strings correctly when viewing single local images.
Date: 04-Feb-2003.
Status: Patched in Opera 7.01.
- GM#003-OP: Phantom of the Opera.
Vulnerability: Opera fails to format input strings correctly in its Javascript console.
Date: 04-Feb-2003.
Status: Patched in Opera 7.01.
- GM#002-OP: Opera's Security Model is Highly Vulnerable.
Vulnerability: Opera implements an incorrect caller-based model and allows external overriding of methods.
Date: 04-Feb-2003.
Status: Patched in Opera 7.01.
- GM#001-OP: Reading ANY local file in Opera.
Vulnerability: Opera's file element's security model can be circumvented.
Date: 27-May-2002.
Status: Patched in Opera 6.03.
GreyMagic Misc Security Research
- GM#006-MC: Simple Yahoo! Mail Cross-Site Scripting.
Vulnerability: Yahoo mail services can be fooled into running scripts sent in emails.
Date: 03-Jun-2004.
Status: Patched by Yahoo! Mail.
- GM#005-MC: Remotely Exploitable Cross-Site Scripting in Hotmail and Yahoo.
- GM#004-MC: Adobe SVG Viewer Cross Domain and Zone Access.
Vulnerability: Adobe SVG Viewer may be manipulated to access any domain and zone.
Date: 07-Oct-2003.
Status: Patched by Adobe SVG Viewer 3.01.
- GM#003-MC: Adobe SVG Viewer Local and Remote File Reading.
Vulnerability: Adobe SVG Viewer implements two methods that may disclose sensitive data.
Date: 07-Oct-2003.
Status: Patched by Adobe SVG Viewer 3.01.
- GM#002-MC: Adobe SVG Viewer Active Scripting Bypass.
Vulnerability: Adobe SVG Viewer makes it possible to run script even when disabled.
Date: 07-Oct-2003.
Status: Patched by Adobe SVG Viewer 3.01.
- GM#001-MC: Exploiting the Google toolbar.
Vulnerability: The Google toolbar has numerous severe vulnerabilities.
Date: 08-Aug-2002.
Status: Patched by Google toolbar 1.1.59/1.1.60.
GreyMagic Mozilla/Firefox Security Research
- GM#001-NS: Reading local files in Netscape 6 and Mozilla.
Vulnerability: A redirection vulnerability in Mozilla makes it possible to access the entire disk.
Date: 30-Apr-2002.
Status: Patched in bug #141061.
GreyMagic Appendixes
- GM#001-AX: Appendix to "IE allows universal Cross Site Scripting".
