MSIE:patched&undisclosed XSS vuln

From: Liu Die Yu (liudieyuinchinaat_private)
Date: Sat Jul 12 2003 - 01:40:09 PDT

    MSIE:patched&undisclosed XSS vuln
    ("that's all" is end of file if you are in a hurry)
    
    [tested]
    OS:Windows XP Professional
    Browser: MS Internet Explorer 6.0.2600.0000.xpclient.01087-1148
    (without any patch)
    (note: it doesn't work on the patched MSIE) 
    
    
    [demo]
    at
    http://www.safecenter.net/liudieyu/AutoScanJPU/AutoScanJPU-MyPage.htm
    or
    http://umbrella.mx.tc ==> "AutoScanJPU-MyPage" section
    
    
    [exp]
    window.external.AutoScan method can navigate other windows to somewhere, 
    and it doesn't filter Javascript-protocol url.
    
    
    that's all.
    
    [how]
    http://www.safecenter.net/CrossZone/ie/UJPU.HTM
    
    
    [gossiping]
    
    
    does anyone here know other vulnz patched silently? 
    
    
    
    greetings to:
    the Pull, dror, guninski and "Vadim Krochak" - and gean!
    
     
    
    best wishes 
    
    die
    
    ------------------------
    
    make notes easily! 
    - http://www.safecenter.net/liudieyu/domex
    - http://domex.int.tc
    -------------------
    all mentioned resources can be found at http://umbrella.mx.tc
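
The [exp] note above describes a navigation method that accepts a javascript:-protocol URL without filtering. The following defensive sketch is an added example, not part of the original post and not Microsoft's fix. It shows the check a navigation helper needs: parse the target the way a browser does, then allowlist the scheme. The function names, the base URL and the sample inputs are constructed for illustration.

```javascript
// Added example: scheme allowlisting for any API that navigates a window
// to a caller-supplied URL. All names here are hypothetical.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Shown for contrast: a case-sensitive prefix blocklist. It misses mixed
// case, leading whitespace and embedded tabs, all of which URL parsing
// normalizes away before the scheme is read.
function naiveIsAllowed(target) {
  return !target.startsWith("javascript:");
}

// Hardened check: resolve the target with the WHATWG URL parser (the same
// normalization a browser applies), then accept only allowlisted schemes.
// Returns the normalized absolute URL, or null when navigation is refused.
function safeNavigationTarget(target, base) {
  let url;
  try {
    url = new URL(target, base);
  } catch {
    return null; // unparseable input is refused, never passed through
  }
  return ALLOWED_SCHEMES.has(url.protocol) ? url.href : null;
}

// Constructed sample inputs (not taken from the advisory).
const BASE = "https://example.com/app/";
const SAMPLES = [
  "https://example.com/help",
  "/page.htm",
  "javascript:void(0)",
  "JaVaScRiPt:void(0)",
  "  javascript:void(0)",
  "java\tscript:void(0)",
  "vbscript:x",
  "data:text/html,x",
];

// Compare both checks over the samples.
function audit(samples, base) {
  return samples.map((s) => ({
    input: JSON.stringify(s),
    naiveAllows: naiveIsAllowed(s),
    hardened: safeNavigationTarget(s, base),
  }));
}

console.table(audit(SAMPLES, BASE));
```

A blocklist of known-bad schemes has to anticipate every spelling the parser will accept; the allowlist only has to name what is permitted.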
    


