IE showHelp bug opens multiple windows

From: Argo Pollis (argo_pollis_at_HOTMAIL.COM)
Date: 05/31/03


Date:         Sat, 31 May 2003 10:01:14 -0400
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

A bug in showHelp can cause IE to open dozens of windows.

The bug was demo'ed on IE 5 and 6 under Me, 2k and XP; all seem to work.
It does not appear to be security related although experienced people
point to a subtle unanticipated effect in showHelp that may yield an
exploit.

For what it's worth, here is the procedure:

(1) Fire up IE and enter about:blank

(2) Next, enter javascript:window.open(showHelp());
Two additional windows will open. One contains an unauthorized message
and the second will be blank except for the phrase "[object]."
Close the other windows leaving the one showing '[object]' open.

(3) The remaining window (showing "[object]") has the original
javascript line still showing in the address box. Add to this ".Click()",
it should read:

javascript:window.open(showHelp()).Click();

(4) Hit return. At this point you should be seeing dozens of windows
opening.

MS has been notified.

Cheers "Argo"



