Security Flaw IE

[JacK]

About clipboard (look like a former patched vulnerability)

Seems to be related to M$ virtual Machine.
Opera and Mozilla are not affected

Test : copy something to your clipboard then go to :
www.ntfs.org/tmp/clip.html

BTW, it's always wiser never use copy/paste when you have to enter sensible data like credit card numbers, etc... Enter them manually or reboot when done to clear the clipboard.

Rgds,

[JayK]

Hmm I get a warning prompt and if I click no it does work.

I suppose that's because I set "allow paste operations via script" to prompt...

[sk]

I'm honestly not sure I've got the full gist of this thread, but I do know of a simple, easy clipboard clearing program that I've used, called Clear Clipboard, and will post the link to that site below in case that helps. I've never seen the program in a 'security' light; more along the lines of freeing up the clipboard to free up resources along more utilitarian lines. But it sounds as if it might serve a security function as well, although I'm not sure but will post anyway.

NOTE: Beware of all the virtual ave crap if you don't already have it blocked. (I'm at work, on a system that won't allow me to load all my favorite tools, so I got blasted at that site; so I wanted to post a warning just in case.)

http://segobit.virtualave.net/clycl.htm

sk

[spy1]

sk - You might want to read this little synopsis I put together on the subject - it'll make it a little clearer for you (I hope). Pete

http://www.hftonline.com/forum/showt...threadid=11082

[sk]

Quote:

quoting: spy1 link=board=21;threadid=5724;start=0#39450 date=1041691001]
sk - You might want to read this little synopsis I put together on the subject - it'll make it a little clearer for you (I hope). Pete

http://www.hftonline.com/forum/showt...threadid=11082

Thanks, Pete. It definitely made it clearer, at least I think it did. But part of that clarity involves a reinforced notion that the tool I posted does in fact work, so I'm a little confused now as to why you didn't offer any feedback specifically on the tool and its effectiveness. When I use that tool to clear the clipboard, and go to the test link you provided, it shows that it is indeed empty. Prior to using the tool, it showed information still in the clipboard. That says to me that the tool is indeed working. Personally, I prefer to be able to utilize cut/paste operations for convenience sake, as long as I have a manual 'override/fix' to be able to implement proper security measures as well. I feel that the use of the "Clear Clipboard" tool does exactly that; that's why I posted it. So as of now, I think I have a full picture of what's involved, thanks to everything you posted, but since you didn't post what you thought of that tool, I'm still a little confused in that regard.

Also, somewhat tangentially, I am wondering why no mention was made about the service called "ClipBook", with Black Viper suggests be disabled as it is a potential security hole involving possible remote access/exploitation involving the clipboard.



sk

[spy1]

sk - No mystery - I just don't use the program you're referring to (that's why I didn't respond to your comment on it).

(a) I never have anything in the clipboard that would ever be useful to anyone, anyway.

(b) I have "Allow paste operation via scripts" disabled.

(c) My "Publisher's" field is empty (and stays that way). Thus, the exploit can't be re-installed behind my back.

So it's not really an issue for me. Pete

[sk]

Quote:

quoting: spy1 link=board=21;threadid=5724;start=0#39513 date=1041708445]
sk - No mystery - I just don't use the program you're referring to (that's why I didn't respond to your comment on it).

(a) I never have anything in the clipboard that would ever be useful to anyone, anyway.

(b) I have "Allow paste operation via scripts" disabled.

(c) My "Publisher's" field is empty (and stays that way). Thus, the exploit can't be re-installed behind my back.

So it's not really an issue for me. Pete

OK. Well, it might offer an alternative for people who want to be able to utilize the convenience of the clipboard yet do it responsibly and securely at the same time. That was really the point of my my question, since you seemed interested in the general topic, not just how it related to your own settings.

sk