Actually, both examples work. At least on MSIE 6.0 under Windows 98SE. The original message states that vulnerable systems are IE 5.5 and later... -- Miguel Angel Rodriguez Jodar | http://icaro.fie.us.es Area de Arquitectura y Tecnologia de Computadores Universidad de Sevilla On Tue, 23 Oct 2001, Julian Hall wrote: > > > Georgi Guninski wrote: > > > Georgi Guninski security advisory #50, 2001 > > > > Javascript in IE may spoof the whole screen > > > > Systems affected: > > IE 5.5/6.0 on Windows, probably earlier versions > > [...] > > > > > Demonstration: > > > > Image moving over download/open dialog: > > http://www.guninski.com/opf2.html > > BSOD emulation: > > http://www.guninski.com/bsod1.html > > Neither of these demonstrations function correctly in IE 5.0; they produce script > error message boxes, reporting that the 'object does not support the requested > method'. I don't know whether that means IE 5.0 isn't vulnerable or not... > > >
This archive was generated by hypermail 2b30 : Tue Oct 23 2001 - 15:53:55 PDT