FRISK Software International


Summary of JS/Clipboard.IE.exploit
Discovered: 12 Jan 2002
Risk Level: Medium
Infection Method:This vulnerability is exploited through a JavaScript.
Payload: A malicious user can access and retrieve the content of the user clipboard
 
Jump to:
Technical description
Removal Instructions

Technical Description
The IE Clipboard content stealing vulnerability was addressed early in Januar 2002. Not a vulnerability as such, but can lead to an information leak under certain circumstances and therefore poses as a security risk to end user by allowing the content of the user clipboard to be copied and stored while viewing a website. We have seen recently active application of this vulnerability, where websites retrieve and log the content of the users clipboard. F-Prot now detects malicious files using this vulnerability as JS/Clipboard.IE.exploit.


Removal Instructions
A work-around for users using Internet Explorer 5.0 < , is to disable or set-to-prompt the option of "Allow paste operation via script", which is accessible through | Tools \ Internet Options \ Security \ Internet security zone \ Custom Level \ Scripting \ Allow paste operations via script |

Sindri Bjarnason - virus analyst, FRISK Software Int.
 


Stay up to date with important developments via e-mail.
Stay up to date with life cycle policies for F-PROT Antivirus for Windows.
Virus news and information directly to your desktop.
Definitions of common antivirus terminology.
For further virus information, please try our partners' websites:

Authentium

perComp Verlag
(in German)
 

agoat@klaki.net argentina@f-prot.com argentina@frisk.is argentina@complex.is argentina@f-prot.is argentina@frisk-software.com argentina@f-prot.net argentina@f-prot.co.uk brazil@f-prot.com brazil@frisk.is brazil@complex.is brazil@f-prot.is brazil@frisk-software.com brazil@f-prot.net brazil@f-prot.co.uk malta@f-prot.com malta@frisk.is malta@complex.is malta@f-prot.is malta@frisk-software.com malta@f-prot.net malta@f-prot.co.uk a.bjani@f-prot.com a.bjani@frisk.is a.bjani@complex.is a.bjani@f-prot.is a.bjani@f-prot.co.uk a.bjani@frisk-software.com a.bjani@f-prot.net z.fifl@f-prot.com z.fifl@frisk.is z.fifl@complex.is z.fifl@f-prot.is z.fifl@f-prot.co.uk z.fifl@frisk-software.com z.fifl@f-prot.net strumpuri@complex.is strumpure@complex.is strumpuru@complex.is