MSIEv6 % encoding - Konqueror 3.0.3 also vulnerable

From: Piotr Pawłow (ppat_private)
Date: Fri Sep 06 2002 - 07:25:47 PDT

Next message: zen-parse: "zero-width gif: exploit PoC for NS6.2.3 (fixed in 7.0) [Was: GIFs Good, Flash Executable Bad]"

Previous message: Foundstone Labs: "Foundstone Labs Advisory - Remotely Exploitable Buffer Overflow in PGP"
In reply to: Liu Die Yu: "MSIEv6 % encoding causes a problem again"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello,

Test page for Konqueror is at:
http://pp.siedziba.pl/2f/

I have also tested it with Mozilla 1.0 (Gecko/20020829) and Galeon 1.2.5 
(Gecko/20020606) and found not vulnerable - the script throws "Permission 
denied to get property HTMLDocument.body" exception.

-- 
 Piotr Pawłow
 mailto:ppat_private

Next message: zen-parse: "zero-width gif: exploit PoC for NS6.2.3 (fixed in 7.0) [Was: GIFs Good, Flash Executable Bad]"
Previous message: Foundstone Labs: "Foundstone Labs Advisory - Remotely Exploitable Buffer Overflow in PGP"
In reply to: Liu Die Yu: "MSIEv6 % encoding causes a problem again"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Sep 06 2002 - 12:20:32 PDT