Date: Wed, 23 Dec 1998 20:09:05 -0800 From: aleph1@UNDERGROUND.ORG Subject: The grand-son of Cuartango Hole To: BUGTRAQ@NETSPACE.ORG Ladies and Gentlemen, Yesterday I reported to Microsoft the "Grand-Son of Cuartango hole". Still the same "USP" problem existing in the "Cuartango Hole" and the "Son of Cuartago Hole" : Your computer files can be stolen by a malicious script. MS has fixed it inmediately with the "Frame Spoof Fix" : http://www.microsoft.com/windows/ie/security/spoof.asp You will find a technical description and a real demo in the page below : http://pages.whowhere.com/computers/cuartangojc/gson2.html Have a merry Christmas and a happy new year Regards, Juan Carlos G. Cuartango