Kaspersky: IE feature exploited ITW

[Juha-Matti Laurio <juha-matti.laurio () netti fi>]

> From Roel Schouwenberg's post # June 27, 2008:

"Quite a long time ago I contacted Microsoft regarding what I thought was a XSS vulnerability in IE.

Microsoft disagreed, preferring to call it a 'feature'.

This feature allows javascript embedded into GIF files to be executed under certain circumstances. The javascript may 
point to an alternate domain (as is the case with XXS vulnerabilities)."
---clip---

More at
http://www.viruslist.com/en/weblog?calendar=2008-06

Juha-Matti
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.