Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: IE exploit runs code from graphics?

From: "Aditya, ALD [ Aditya Lalit Deshmukh ]" <aditya.deshmukh () online gateway technolabs net>
Date: Sat, 26 Jun 2004 11:52:08 +0530
files (.CHM) from some web site, causing the HTML code inside the .CHM 
to be run in the "My Computer" security zone.  Typically (like all but 
one of _dozens and dozens_ of these I've seen) the "inner" HTML run 


this is one of the  _dozens and dozens_  reasons to use mozilla on untrusted sites and use ie to access internal 
websites if they do depend of some ie features but set the default browser to mozilla so that when ever the user cliks 
something it opens in mozilla 



That is hardly the same thing as "embedded code hidden in graphics on 
Web pages", but I can easily imagine a naïve journalist getting 
confused over such technical issues or a company representative 
hankering for some media exposure over-selling the seriousness or 
novelty of what they "discovered"...


and these are the people who raise the script kiddies to "elite hackers!"


-aditya

ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
éb½êÞvë"žaxZÞx÷«²‰Ú”Gb¶*'¡óŠ[kj¯ðÃæj)m­ªÿr‰ÿ

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: