Re: Javascript in IE may spoof the whole screen

From: http-equivat_private
Date: Sun Oct 21 2001 - 12:46:24 PDT


    On Sun, 21 Oct 2001 14:14:37 +0300, Georgi Guninski wrote:
    
    >  
    >  Description:
    >  
    >  This is *not* a security vulnerability by itself but has some
    >  security implications.
    
    There are a number of additional situations, namely the HOMEPAGE behavior of
    the Internet Explorer series 5.5+. Very trivial scripting on a website, that
    will position on any size screen, can cause quite a bit of havoc.
    Instead of providing the code how to do it, consider the following screen
    shots:
    
    This is a "disguised" prompt. We've reversed the 'yes' 'no' function so that
    you've basically "had it":
    
    http://www.malware.com/pooper.jpg [13kb]
    
    The next is the popup off center to illustrate what was done:
    
    http://www.malware.com/poop.jpg [18kb]
    
    From a security POV, there still remain many vulnerable IE5.5 browsers
    susceptible to the [your] com.ms.activeX.ActiveXComponent vulnerability
    along with a handful of HTML/web-based Trojans and worms out there, that,
    coupled with an ActiveX prompt, could just as easily be disguised as above.
    
    ---
    http://www.malware.com
    
    
    
    
    
    



    This archive was generated by hypermail 2b30 : Mon Oct 22 2001 - 07:30:44 PDT