VULHUB ™

A vulnerability was reported in Microsoft Internet Explorer that could permit a remote site to gain access to contents of the client user's clipboard. This vulnerability is a variant of similar issues which could permit scripting operations to gain access to clipboard contents, such as that described in BIDs 215 and 3862. This issue employs the execCommand("Paste") method to copy clipboard contents into small (or hidden) textarea. In this manner, security checks performed by the browser are bypassed and the clipboard contents will be copied. The impact of exploitation depends entirely on what sort of information is stored in the user's clipboard at the time of exploitation, though it is common for user's to copy various credentials into their clipboard.

A vulnerability was reported in Microsoft Internet Explorer that could permit a remote site to gain access to contents of the client user's clipboard. This vulnerability is a variant of similar issues which could permit scripting operations to gain access to clipboard contents, such as that described in BIDs 215 and 3862. This issue employs the execCommand("Paste") method to copy clipboard contents into small (or hidden) textarea. In this manner, security checks performed by the browser are bypassed and the clipboard contents will be copied. The impact of exploitation depends entirely on what sort of information is stored in the user's clipboard at the time of exploitation, though it is common for user's to copy various credentials into their clipboard.