Bugtraq mailing list archives
Re: Javascript in IE may spoof the whole screen
From: "http-equiv () excite com" <http-equiv () excite com>
Date: Sun, 21 Oct 2001 12:46:24 -0700 (PDT)
On Sun, 21 Oct 2001 14:14:37 +0300, Georgi Guninski wrote:
Description: This is *not* security vulnerability by itself but has some security implications.
There are a number of additional situations, namely the HOMEPAGE behavior of the Internet Explorer series 5.5 +. Very trivial scripting, that will position on any size screen, on a website can cause quite a bit of havoc. Instead of providing the code how to do it, consider the following screen shots: This is a "disguised" prompt. We've reversed the 'yes' 'no' function so that you've basically "had it": http://www.malware.com/pooper.jpg [13kb] the next is the popup off center to illustrate what was done: http://www.malware.com/poop.jpg [18kb]
From a security POV, there still remains many vulnerable IE5.5 browsers
susceptible to the [your], com.ms.activeX.ActiveXComponent vulnerability along with a handful of html/web based Trojans and worms out there, that coupled with an ActiveX prompt, could just as easily be disguised as above. --- http://www.malware.com _______________________________________________________ Send a cool gift with your E-Card http://www.bluemountain.com/giftcenter/
Current thread:
- Javascript in IE may spoof the whole screen Georgi Guninski (Oct 21)
- Re: Javascript in IE may spoof the whole screen Julian Hall (Oct 23)
- Re: Javascript in IE may spoof the whole screen Miguel Angel Rodriguez Jodar (Oct 23)
- <Possible follow-ups>
- Re: Javascript in IE may spoof the whole screen http-equiv () excite com (Oct 22)
- RE: Javascript in IE may spoof the whole screen Thor Larholm (Oct 24)
- Re: Javascript in IE may spoof the whole screen Julian Hall (Oct 23)