|
Summary of JS/Clipboard.IE.exploit |
| Discovered: |
12 Jan 2002 |
| Risk Level: |
Medium |
| Infection Method: | This vulnerability is exploited through a JavaScript. |
| Payload: |
A malicious user can access and retrieve the content of the user clipboard |
|
|
|
| Technical Description |
| The IE Clipboard content stealing vulnerability was addressed early in Januar 2002. Not a vulnerability as such, but can lead to an information leak under certain circumstances and therefore poses as a security risk to end user by allowing the content of the user clipboard to be copied and stored while viewing a website. We have seen recently active application of this vulnerability, where websites retrieve and log the content of the users clipboard. F-Prot now detects malicious files using this vulnerability as JS/Clipboard.IE.exploit. |
| Removal Instructions |
A work-around for users using Internet Explorer 5.0 < , is to disable or set-to-prompt the option of "Allow paste operation via script", which is accessible through | Tools \ Internet Options \ Security \ Internet security zone \ Custom Level \ Scripting \ Allow paste operations via script | |
Sindri Bjarnason - virus analyst, FRISK Software Int. |
|
