
MSIE patched&undisclosed XSS vuln




MSIE:patched&undisclosed XSS vuln

("that's all" is end of file if you are in a hurry)



[tested]

OS:Windows XP Professional

Browser: MS Internet Explorer 6.0.2600.0000.xpclient.01087-1148

(without any patch)

(note: it doesn't work on the patched MSIE) 





[demo]

at

http://www.safecenter.net/liudieyu/AutoScanJPU/AutoScanJPU-MyPage.htm

or

http://umbrella.mx.tc ==> "AutoScanJPU-MyPage" section





[exp]

the window.external.AutoScan method can navigate other windows to another location, and it doesn't filter javascript: protocol URLs.





that's all.



[how]

http://www.safecenter.net/CrossZone/ie/UJPU.HTM





[gossiping]





does anyone here know other vulnz patched silently? 







greetings to:

the Pull, dror, guninski and "Vadim Krochak" - and gean!



 



best wishes 



die



------------------------



make notes easily! 

- http://www.safecenter.net/liudieyu/domex

- http://domex.int.tc

-------------------

all mentioned resources can be found at http://umbrella.mx.tc
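
The missing check described under [exp], shown from the defender's side as an added example (not code from the advisory or from Microsoft): a navigation target is parsed and its protocol allowlisted before it is used, next to a literal string test that lets variants through. The function names and sample inputs are constructed for illustration.

```javascript
// Added example, not from the advisory: validate a navigation target before
// handing it to any API that loads a URL into another window.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);

// Weak form: a literal blocklist test on the raw string.
function naiveFilter(target) {
  return !String(target).startsWith("javascript:");
}

// Hardened form: let the WHATWG URL parser normalise the input (it strips
// leading/trailing control characters and spaces, removes tab/CR/LF, and
// lowercases the scheme), then allowlist the resulting protocol.
function isSafeNavigationTarget(target) {
  let url;
  try {
    url = new URL(String(target));
  } catch {
    return false; // not an absolute URL: reject rather than guess
  }
  return ALLOWED_PROTOCOLS.has(url.protocol);
}

// Constructed sample inputs (the script body is a harmless void(0)).
const SAMPLES = [
  "https://example.com/page",
  "javascript:void(0)",
  "JavaScript:void(0)",
  "  javascript:void(0)",
  "java\tscript:void(0)",
  "data:text/html,x",
  "/relative/path",
];

// Run both checks over the samples so the difference is visible side by side.
function compare(samples) {
  return samples.map((s) => ({
    input: JSON.stringify(s),
    naive: naiveFilter(s),
    hardened: isSafeNavigationTarget(s),
  }));
}

console.table(compare(SAMPLES));
```

Only the first sample passes the hardened check; the literal test accepts every sample except the exact lowercase string.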

