Full Disclosure mailing list archives
Re[2]: Internet Explorer drag&drop 0day
From: Thierry Zoller <Thierry () Zoller lu>
Date: Tue, 14 Feb 2006 22:45:44 +0100
Dear Markus, M> under the heading "Do you have a demonstration ?", both links to the M> demo "exploit" are dead. Yes they are, I was to lazy to remove them. I will replace them with some working PoC heise.de links. M> I assume in an attempt to hide the target url you meant to use the M> * onclick * javascript event, or even the * onmousedown * or * onmouse * up, M> but surely not the * onmouseover * ! No I used on mouse over. The "exploit" was a PoC nothing more, I think to recall it launched calc.exe or similar (google for shreddersub7) M> You are aware that you current chosen method would have launched your M> exploit on the machine of a prospective customer, The links are supposed to do so. M> Please give your web designer a whack on the side of the head though. That would be me.... ouch! that hurt. I know I need a redesign for sake of usability. -- http://secdev.zoller.lu Thierry Zoller Fingerprint : 5D84 BFDC CD36 A951 2C45 2E57 28B3 75DD 0AC6 F1C7 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Internet Explorer drag&drop 0day Gadi Evron (Feb 13)
- Re: Internet Explorer drag&drop 0day Thierry Zoller (Feb 13)
- Re: Internet Explorer drag&drop 0day Shyaam (Feb 13)
- Re: Internet Explorer drag&drop 0day Valdis . Kletnieks (Feb 13)
- Re: Internet Explorer drag&drop 0day Gadi Evron (Feb 13)
- Re: Internet Explorer drag&drop 0day Shyaam (Feb 13)
- <Possible follow-ups>
- Re: Internet Explorer drag&drop 0day Markus (Feb 13)
- Re[2]: Internet Explorer drag&drop 0day Thierry Zoller (Feb 14)
- Re: Internet Explorer drag&drop 0day Markus (Feb 15)
- Re[2]: Internet Explorer drag&drop 0day Thierry Zoller (Feb 16)
- Re: Internet Explorer drag&drop 0day Markus (Feb 16)
- Re: Internet Explorer drag&drop 0day Thierry Zoller (Feb 13)