Re: [Full-Disclosure] internet-explorer: bug or feature?
From: Andrew Clover (and-bugtraq_at_doxdesk.com)
To: firstname.lastname@example.org Date: Thu, 01 Apr 2004 22:03:25 +0100
> a small alert popps up and says me '*plopp*', so it seems, that i can
> inject any code i want.
Originally reported here:
This was eventually fixed in IE6 SP1, after it was discovered that due
to a parsing error this could be abused to execute in the security
context of any target domain.
> i am not sure if its what the 'about:'-construct is for
It was just another random pointless feature. IE has a lot of these.
Sometimes they prove a security liability and very occasionally they get
removed, but no-one seems to have thought of not including them in the
-- Andrew Clover mailto:email@example.com http://www.doxdesk.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html