• Security
  • News
  • Vulnerabilities
    • Internet Explorer
    • Opera
    • Other
    • Mozilla Firefox
  • Online Tools
    • Script Decoder
  • Subscribe
• Products
  • Composica Enterprise
• Services
  • Rich Applications
    • Portfolio
    • Philosophy
• Contact

GreyMagic Internet Explorer Security Research

• GM#015-IE: File Selection May Lead to Command Execution.
  Vulnerability: Malformed files are able to execute arbitrary commands when selected.
  Date: 19-Apr-2005.
  Status: Open.
• GM#014-IE: Script Injection to Custom HTTP Errors in Local Zone.
  Vulnerability: Attackers may exploit a flawed function in internal resources.
  Date: 17-Jun-2003.
  Status: Open.
• GM#013-IE: Cross-Site Scripting in Unparsable XML Files.
  Vulnerability: Any XML file that cannot be parsed poses a risk of Cross-Site Scripting.
  Date: 17-Jun-2003.
  Status: Patched by IE6 SP1.
• GM#012-IE: Vulnerable cached objects in IE (9 advisories in 1).
  Vulnerability: Nine critical vulnerabilities using cached objects.
  Date: 22-Oct-2002.
  Status: Patched by various releases.
• GM#011-IE: Internet Explorer : The D-Day.
  Vulnerability: A vulnerability in an undocumented property in IE.
  Date: 15-Oct-2002.
  Status: Patched by MS02-066.
• GM#010-IE: Who framed Internet Explorer.
  Vulnerability: A critical vulnerability in the way frames are handled by IE.
  Date: 09-Sep-2002.
  Status: Patched by MS02-066.
• GM#009-IE: Accessing remote/local content in IE.
  Vulnerability: A vulnerability in deprecated XML data-islands may disclose sensitive data.
  Date: 23-Aug-2002.
  Status: Patched by MS02-047.
• GM#008-IE: Multiple local files detection issues with OWC in IE.
  Vulnerability: Certain features in OWC can lead to file existence disclosure.
  Date: 08-Apr-2002.
  Status: Patched by MS02-044.
• GM#007-IE: Controlling the clipboard with OWC in IE.
  Vulnerability: OWC delivers methods to control copy and paste operations.
  Date: 08-Apr-2002.
  Status: Patched by MS02-044.
• GM#006-IE: Reading local files with OWC in IE.
  Vulnerability: A redirection vulnerability in an OWC method allows read access to any local file.
  Date: 08-Apr-2002.
  Status: Patched by MS02-044.
• GM#005-IE: Scripting for the scriptless with OWC in IE.
  Vulnerability: A new OWC10 feature can be used to enable scripting when it's disabled.
  Date: 08-Apr-2002.
  Status: Patched by MS02-044.
• GM#004-IE: Reading portions of local files, depending on structure.
  Vulnerability: Cascading Style Sheets can expose portions of local files.
  Date: 02-Apr-2002.
  Status: Patched by MS02-023.
• GM#003-IE: Retrieving information on local files in IE.
  Vulnerability: The image element can disclose sensitive information.
  Date: 27-Mar-2002.
  Status: Patched.
• GM#002-IE: Automatically opening IE + Executing attachments.
  Vulnerability: A vulnerability in HTML+TIME (SMIL) allows to automatically launch IE.
  Date: 22-Mar-2002.
  Status: Patched by IE6 SP1.
• GM#001-IE: Executing arbitrary commands without Active Scripting or ActiveX.
  Vulnerability: A vulnerability in <object> elements can be exploited with data binding.
  Date: 27-Feb-2002.
  Status: Patched by MS02-015.