[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Re: New URL spoofing bug in Microsoft Internet Explorer

To: <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: [Full-Disclosure] Re: New URL spoofing bug in Microsoft Internet Explorer
From: "http-equiv@xxxxxxxxxx " <1@xxxxxxxxxxx>
Date: Thu, 11 Nov 2004 21:24:19 -0000


Since we're going the whole nine yards here, let's toss in the following 
as well:

1. This will of course give a different reading in the status bar
2. More importantly it will bypass the so-called 'popup blocker' in IE XP 
SP2

It's a hand-made Excel spreadsheet using OWC11 for Office 2003. One might 
suspect that the older versions will function the same.

[screenshot: http://www.malware.com/xcellente.png 5 KB]

Perhaps someone with more knowledge can get it to automate:

'foo.ActiveCell.openHyperlink
'foo.Worksheets(1).Hyperlinks(1).Follow

Then you're back in the popup business.

Raw functional incomplete demo here:
[OWC11: switch on your IE popup blocker]


http://www.malware.com/xcellent.html


-- 
http://www.malware.com






_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: [Full-Disclosure] dab@heise.de
Next by Date: Re: [Full-Disclosure] EEYE: Kerio Personal Firewall Multiple IP Options Denial of Service
Previous by thread: RE: [Full-Disclosure] dab@heise.de
Next by thread: [Full-Disclosure] IE is just as safe as FireFox
Index(es):
- Date
- Thread