funsec mailing list archives
Kaspersky: IE feature exploited ITW
From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Mon, 30 Jun 2008 23:03:29 +0300 (EEST)
From Roel Schouwenberg's post # June 27, 2008:
"Quite a long time ago I contacted Microsoft regarding what I thought was a XSS vulnerability in IE. Microsoft disagreed, preferring to call it a 'feature'. This feature allows javascript embedded into GIF files to be executed under certain circumstances. The javascript may point to an alternate domain (as is the case with XXS vulnerabilities)." ---clip--- More at http://www.viruslist.com/en/weblog?calendar=2008-06 Juha-Matti _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Kaspersky: IE feature exploited ITW Juha-Matti Laurio (Jun 30)