Re: New URL spoofing bug in Microsoft Internet Explorer
From: http-equiv_at_excite.com (http-equiv_at_excite.com)
Date: 11/11/04
- Previous message: Matthias Geerdsen: "[ GLSA 200411-18 ] Apache 2.0: Denial of Service by memory consumption"
- Maybe in reply to: roozbeh afrasiabi: "Re: New URL spoofing bug in Microsoft Internet Explorer"
- Next in thread: q q: "Re: New URL spoofing bug in Microsoft Internet Explorer"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <bugtraq@securityfocus.com> Date: Thu, 11 Nov 2004 21:15:12 -0000
Since we're going the whole nine yards here, let's toss in the following
as well:
1. This will of course give a different reading in the status bar
2. More importantly it will bypass the so-called 'popup blocker' in IE XP
SP2
It's a hand-made Excel spreadsheet using OWC11 for Office 2003. One might
suspect that the older versions will function the same.
[screenshot: http://www.malware.com/xcellente.png 5 KB]
Perhaps someone with more knowledge can get it to automate:
'foo.ActiveCell.openHyperlink
'foo.Worksheets(1).Hyperlinks(1).Follow
Then you're back in the popup business.
Raw functional incomplete demo here:
[OWC11: switch on your IE popup blocker]
http://www.malware.com/xcellent.html
-- http://www.malware.com
- Previous message: Matthias Geerdsen: "[ GLSA 200411-18 ] Apache 2.0: Denial of Service by memory consumption"
- Maybe in reply to: roozbeh afrasiabi: "Re: New URL spoofing bug in Microsoft Internet Explorer"
- Next in thread: q q: "Re: New URL spoofing bug in Microsoft Internet Explorer"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
