Re: [Full-Disclosure] Comments on 5 IE vulnerabilities

From: Georgi Guninski (guninski_at_guninski.com)
Date: 12/02/03

  • Next message: Paul Starzetz: "Re: [Full-Disclosure] [SECURITY] [DSA-403-1] userland can access Linux kernel memory"
    To: "Thor Larholm" <thor@pivx.com>
    Date: Tue, 2 Dec 2003 19:12:30 +0200
    
    

    On Mon, 1 Dec 2003 15:37:04 -0800
    "Thor Larholm" <thor@pivx.com> wrote:

    > Each and every command execution vulnerability in Internet Explorer over
    > the last few years have all depended on the functionality of local
    > security zones. Whenever you are crafting an exploit, you want to
    > navigate a window object to a local security zone, inject some scripting
    > or HTML into the window object and subsequently use the features of the

    This is nonsense.

    Comment on these ones:
    http://www.guninski.com/iexla.html
    http://www.guninski.com/signedactivex2.html
    all the java stuff at:
    http://www.guninski.com/browsers.html

    there are much more, but i am too lazy to exploder crap for you.

    georgi

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Paul Starzetz: "Re: [Full-Disclosure] [SECURITY] [DSA-403-1] userland can access Linux kernel memory"