Details and PoC for MS05-020 MSIE DHTML Object handling vulnerabilities

From: Berend-Jan Wever (skylined_at_edup.tudelft.nl)
Date: 04/12/05

    To: "full-disclosure" <full-disclosure@lists.grok.org.uk>, <bugtraq@securityfocus.com>
    Date: Tue, 12 Apr 2005 22:57:18 +0200
    
    

    Details and PoC code for MSIE DHTML Object handling vulnerabilities are available online at my website:
    http://www.edup.tudelft.nl/~bjwever
    Note: page is not up-to-date, since it was written in August/September 2004. Additional information will be added when found during testing of MS05-20 patch.

    Cheers,
    SkyLined

    PS. I was pretty surprised nobody asked me why I went from Internet Exploiter 1 to Internet Exploiter 3.... so now you know.

                            .-----------------------------------,
                           / Berend-Jan Wever aka SkyLined )
                          / skylined@edup.tudelft.nl / \
                         / http://www.edup.tudelft.nl/~bjwever / /
                        / PGP key ID 0x48479882 / /
                       / .----. , / /
                      / ( ' / / . __ __/ / /
                     / `'-._ /.' | / / / ( / /_.'.' / / /
                    ( ) / ) |/ / / / ) (__ (__/ / /
                     \-------' ------` '-----------------< /
                      \______.`\______\/\_________________\/

    The information contained in this e-mail, if any, is often incorrect and
    probably plagiarized. It is intended solely for the amusement of the addressee.
    If you are not the intended recipient, my bad. Any action taken or omitted to
    be taken in reliance on the information in this message is your problem. Please
    notify me immediately if you have received it in error by reply e-mail and then
    delete this message from your system and any files in its vicinity.

    I endeavour to ensure that my emails and any attachments are free from viruses,
    content, value or other contaminants. However, I cannot accept any
    responsibility might something worthwhile accidentally slip in. I therefore
    recommend you do not read them at all just to be sure.

    Please note that the statements and views expressed in this email and any
    attachments are completely chosen at random by the author and do not
    necessarily represent anything coherent, relevant or useful.

