The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,777 other followers

Pushing poisoned style sheets into documents to XSS into GMail via copy and…

Posted by jpluimers on 2015/04/03

Scary:

Pushing poisoned style sheets into documents to XSS into GMail via copy and paste.

“Affected” office software

  • Office 2013, LibreOffice and similar tools, PDF Reader, FoxIT Reader
  • They can be used to poison the clipboard with malicious markup

Affected browsers

  • Just MSIE, Chrome, Opera, Safari, Firefox, anything WebKit or Blink.
  • Strangely, Blink on Windows behaves differently from Blink on *nix

Flash can be used to attach as well.

Details: https://insomnihackdotme.files.wordpress.com/2015/03/copypest.pdf

Thanks Kristian for posting.

–jeroen

via:

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

 
%d bloggers like this: