Clipboard Exploit

[jfall]

Seen this over on Xp-erience.org.. thought some of you may like to know about it:

Your Windows clipboard can expose sensitive information from your PC.

If your like me and use your windows clipboard alot then who knows what websites have collected from us.

The biggest threat is if you copy your internet banking security code or password to your clipboard, then go surfing. You may even copy your Credit Card number when buying online, so it is easier to fill in the details, you may then go to a site that harvests your clipboard information.

If you do the above, dont, as there is an exploit out that can gather that information from your PC. There are a number of malicious websites just waiting for you.

I have provided an example that you can see for yourself how this works, the example does NOT harvest the information, it just displays it as an example of what malicious websites can do.

Copy some text then click on the link below for an example :


Clipboard Exploit

Does anyone know if there is a fix or anything for this?

 

[Yossarian]

didn't work for me

 

[jfall]

Worked on mine.. i'm running XP pro through a linux firewall.. IE 6 with all the latest patches

 

[Spikey217]

XP Pro SP1 IE6 Latest Patches -> It showed.

Oh well, I never copy anything personal - passwords, CC#.

 

[Joemonkey]

scary stuff!

but i never copy important stuff onto the clipboard anyway... just a bunch of hyperlinks popped up

 

[boyRacer]

Is this the script that's doing that?

<script>

var interval = 4000;
var prevClipboard = "";
var clipHistory = "";

function main ()
{
window.setTimeout("test();", interval);
return;
}

function test()
{

document.clippie.SWAP.value = "";
document.clippie.SWAP.focus();
document.execCommand("paste");
document.clippie.SWAP.blur();
newClipboard = document.clippie.SWAP.value;

document.clippie.SWAP.value = "";
if(newClipboard == prevClipboard)
{
window.setTimeout("test()", interval);
return;
}
clipHistory += "----> " + (new Date()) + ": ";

clipHistory += newClipboard + "";
prevClipboard = newClipboard;

document.clippie.MAIN.value = clipHistory;

window.setTimeout("test();", interval);
return;
}

main();

</script>

Hmmm... good thing i don't do much with the clipboard...

 

[HappyPuppy]

I never leave any sensitive information on my HDD. I store it on CD's. When I need it I put the CD in the drive and access it. Why would anyone ever leave anything that is highly personal on their computer?

 

[Spikey217]

If you go to the comments section of the news at the website, it's a problem with IE. MS will patch it soon. You can also fix it by going to your internet options. Under security, go to custom level and disable 'allow paste operations via script'.

 

[DanFungus]

Originally posted by: Spikey217
If you go to the comments section of the news at the website, it's a problem with IE. MS will patch it soon. You can also fix it by going to your internet options. Under security, go to custom level and disable 'allow paste operations via script'.

so that's what that does....interesting
/me disables that option

 

[jfall]

Ya pretty scary stuff.. I normally copy and paste a lot of my usernames/passwords and other information.. won't be doing that again until MS patches it

 

[GroundZero]

yet another reason i use as little of ie as possible.
never use outlook or outlook express and ie only if i have to.
too many damn holes and exploits out there...

 

[morkinva]

Originally posted by: Spikey217
Under security, go to custom level and disable 'allow paste operations via script'.

kewl thanx

 

[notfred]

Oh well, I never copy anything personal - passwords, CC#.

Why do people with this attitude even bother installing security patches?

 

[Adul]

didnt work for me

oh wait I use mozilla

 

[TheVrolok]

Originally posted by: Spikey217
If you go to the comments section of the news at the website, it's a problem with IE. MS will patch it soon. You can also fix it by going to your internet options. Under security, go to custom level and disable 'allow paste operations via script'.

Not that I really ever c/p stuff that is sensative, but thanks, neat thing to know.

 

[Spikey217]

Originally posted by: notfred

Oh well, I never copy anything personal - passwords, CC#.

Why do people with this attitude even bother installing security patches?

If I never copy any passwords or credit card numbers to my clipboard, that means I shouldn't install security patches? Since I don't copy passwords or credit card numbers, that mean that I shouldn't care about the pre-SP1 malicious code that could wipe out your hard drive when specific links are clicked on?

 

[nagger]

Originally posted by: Adul
didnt work for me

oh wait I use mozilla

same here

I had to fire up the Internet Exterminator to see this new exploit in full working order

 

[bmacd]

wow...scary

-=bmacd=-

 

[db]

Thanks.

 

[Shalmanese]

Originally posted by: HappyPuppy
I never leave any sensitive information on my HDD. I store it on CD's. When I need it I put the CD in the drive and access it. Why would anyone ever leave anything that is highly personal on their computer?

What about emails, Document in progress, IM logs and everything else that gets changed 10 times a week? Do you re burn a new copy each time?

 

[Pepsi90919]

Originally posted by: HappyPuppy
I never leave any sensitive information on my HDD. I store it on CD's. When I need it I put the CD in the drive and access it. Why would anyone ever leave anything that is highly personal on their computer?

because they're normal?