RE: [Full-Disclosure] HOW TO BREAK XP SP2 POPUP BLOCKER: kick it in the nut !

From: James Patterson Wicks (pwicks_at_oxygen.com)
Date: 12/13/04

    Date: Mon, 13 Dec 2004 15:40:32 -0500
    To: full-disclosure@lists.netsys.com
    
    

    This is what one of our developers came up with:

    "I could only find one bypass that uses the DHTML Edit Control ActiveX
    control (clsid:2D360201-FFF5-11d1-8D03-00A0C959BC0A) installed with the
    IE.

    An example of this is http://www.malware.com/flopup.html

    This still showed a popup even when I said block all popups. It
    basically uses this ActiveX control to execute a javascript as follows:
    x.DOM.Script.execScript(shellscript.toString());
    x.DOM.Script.setTimeout("shellscript()");

    You could either disable this control (which I don't know if there are
    programs that depend on it). You could also disallow ActiveX controls
    which would break Sharepoint among other things."

    Any comments?

    -----Original Message-----
    From: full-disclosure-admin@lists.netsys.com
    [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of Scott Renna
    Sent: Friday, December 10, 2004 11:42 PM
    To: 1@malware.com
    Cc: full-disclosure@lists.netsys.com
    Subject: Re: [Full-Disclosure] HOW TO BREAK XP SP2 POPUP BLOCKER: kick
    it in the nut !

    Beautiful...how many more fun ones like these until people start to
    migrate away from IE.....

    http-equiv@excite.com wrote:
    > Friday, December 10, 2004
    >
    > Internet Explorer 6 on the gadget commonly known as Windows XP SP2 enjoys
    > a fairly robust "popup blocker".
    >
    > This little 'thing' has been a major irritation to date. Nothing gets past
    > it until now. Chatter exists that some sites have defeated it on the
    > causal default setting. We only deal in the high settings here !
    >
    > Our Chairman and CEO, Mr. Liu Die Yu takes the sledgehammer and cracks
    > open this bothersome little nut like so:
    >
    > http://www.malware.com/flopup.html
    >
    > Notes:
    >
    > 1. Nothing like a bit of irritation to get constructive
    > 2. Additional popup blocker from MSN is also killed, may may Die ! too
    > 3. Get editive before it's too late: http://www.editive.com
    > 4. None
    >
    > End Call
    >
    >

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
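
The "disable this control" option raised in the message above is normally done by setting the control's kill bit (Compatibility Flags 0x400) under Internet Explorer's ActiveX Compatibility registry key. The PowerShell below is an added example, not code from the thread: the function name Set-ActiveXKillBit is hypothetical, the CLSID is the one quoted in the message, and an elevated session is assumed.

```powershell
# Added example: audit, and optionally set, the IE kill bit for one ActiveX CLSID.
# CLSID of the DHTML Edit Control as quoted in the message above.
$DhtmlEditClsid = '{2D360201-FFF5-11d1-8D03-00A0C959BC0A}'

function Set-ActiveXKillBit {            # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Clsid,
        [switch]$AuditOnly               # report state only, change nothing
    )
    $killBit = 0x400                     # IE will not instantiate a control with this flag
    $name    = 'Compatibility Flags'
    # 64-bit Windows keeps a second registry view for 32-bit IE; cover both if present.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
    ) | Where-Object { Test-Path $_ }

    foreach ($root in $roots) {
        $key = Join-Path $root $Clsid
        [long]$flags = 0
        if (Test-Path $key) {
            $prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
            if ($prop) { $flags = [long]$prop.$name }
        }
        $blocked = ($flags -band $killBit) -ne 0
        if (-not $blocked -and -not $AuditOnly -and
            $PSCmdlet.ShouldProcess($key, 'Set kill bit')) {
            if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
            # OR the bit in so any other compatibility flags on the key survive.
            $flags = $flags -bor $killBit
            Set-ItemProperty -Path $key -Name $name -Value $flags -Type DWord
            $blocked = $true
        }
        [pscustomobject]@{
            Key     = $key
            Flags   = '0x{0:X8}' -f $flags
            Blocked = $blocked
        }
    }
}

# Read-only check of the current state; drop -AuditOnly (or add -WhatIf) to apply.
Set-ActiveXKillBit -Clsid $DhtmlEditClsid -AuditOnly
```

The kill bit only stops Internet Explorer from loading the control, so the open question in the message about other programs that depend on it still needs testing before a wide rollout.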


