Bugtraq mailing list archives

Re: Javascript in IE may spoof the whole screen

From: Miguel Angel Rodriguez Jodar <rodriguj () atc us es>
Date: Tue, 23 Oct 2001 22:23:40 +0100 (GMT+0100)

Actually, both examples work. At least on MSIE 6.0 under Windows 98SE. The
original message states that vulnerable systems are IE 5.5 and later...

--
Miguel Angel Rodriguez Jodar | http://icaro.fie.us.es
Area de Arquitectura y Tecnologia de Computadores
Universidad de Sevilla


On Tue, 23 Oct 2001, Julian Hall wrote:



Georgi Guninski wrote:

Georgi Guninski security advisory #50, 2001

Javascript in IE may spoof the whole screen

Systems affected:
IE 5.5/6.0 on Windows, probably earlier versions


[...]


Demonstration:

Image moving over download/open dialog:
http://www.guninski.com/opf2.html
BSOD emulation:
http://www.guninski.com/bsod1.html


Neither of these demonstrations function correctly in IE 5.0; they produce script
error message boxes, reporting that the 'object does not support the requested
method'.  I don't know whether that means IE 5.0 isn't vulnerable or not...

Current thread:

Javascript in IE may spoof the whole screen Georgi Guninski (Oct 21)
- Re: Javascript in IE may spoof the whole screen Julian Hall (Oct 23)
  - Re: Javascript in IE may spoof the whole screen Miguel Angel Rodriguez Jodar (Oct 23)
- <Possible follow-ups>
- Re: Javascript in IE may spoof the whole screen http-equiv () excite com (Oct 22)
- RE: Javascript in IE may spoof the whole screen Thor Larholm (Oct 24)