[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Possible new cross zone scripting in IE

To: <bugtraq@securityfocus.com>
Subject: Re: Possible new cross zone scripting in IE
From: "http-equiv@excite.com" <1@malware.com>
Date: Tue, 10 Feb 2004 17:28:30 -0000


 <!--

Cheng Peng Su Wrote:

<a href="shell:My Music" 

 -->

Excellent ! The revival of the Pull's shell game: 

"directoryInfo.html", ie the "file://::{CLSID}"

[see: http://www.securityfocus.com/bid/3867/]


The following on this so-called Microsoft Windows XP machine:

Control Panel 
Administrative Tools 
Cache 
CD Burning 
Cookies
Desktop
Favorites
Fonts 
History 
Application Data 
Local Settings 
My Music 
My Pictures 
My Video 
NetHood 
Personal [my documents] 
PrintHood 
Programs 
Recent 
SendTo 
Start Menu 
Startup 
Templates

http://www.malware.com/shell.game.html

"Cache" can be very interesting


-- 
http://www.malware.com

Prev by Date: Re: Eggrop bug
Next by Date: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
Previous by thread: Possible new cross zone scripting in IE
Next by thread: XSS, Sql Injection and Avatar ScriptCode Injection in MaxWebPortal
Index(es):
- Date
- Thread