Re: Javascript in IE may spoof the whole screen

From: Julian Hall (julesat_private)
Date: Tue Oct 23 2001 - 10:54:03 PDT

Next message: Kratter, Dave: "Check Point VPN-1 SecuRemote Flaw"

Previous message: Michal Zalewski: "Re: SSH deja vu"
In reply to: Georgi Guninski: "Javascript in IE may spoof the whole screen"
Next in thread: Miguel Angel Rodriguez Jodar: "Re: Javascript in IE may spoof the whole screen"
Reply: Miguel Angel Rodriguez Jodar: "Re: Javascript in IE may spoof the whole screen"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Georgi Guninski wrote:

> Georgi Guninski security advisory #50, 2001
>
> Javascript in IE may spoof the whole screen
>
> Systems affected:
> IE 5.5/6.0 on Windows, probably earlier versions

[...]

>
> Demonstration:
>
> Image moving over download/open dialog:
> http://www.guninski.com/opf2.html
> BSOD emulation:
> http://www.guninski.com/bsod1.html

Neither of these demonstrations function correctly in IE 5.0; they produce script
error message boxes, reporting that the 'object does not support the requested
method'.  I don't know whether that means IE 5.0 isn't vulnerable or not...

Next message: Kratter, Dave: "Check Point VPN-1 SecuRemote Flaw"
Previous message: Michal Zalewski: "Re: SSH deja vu"
In reply to: Georgi Guninski: "Javascript in IE may spoof the whole screen"
Next in thread: Miguel Angel Rodriguez Jodar: "Re: Javascript in IE may spoof the whole screen"
Reply: Miguel Angel Rodriguez Jodar: "Re: Javascript in IE may spoof the whole screen"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Oct 23 2001 - 13:34:52 PDT