Full Disclosure mailing list archives
RE: I small poem in Jscript // No effect on XP SP2 !
From: <iss () uni de>
Date: Mon, 12 Jul 2004 14:27:32 +0200
Hmm, it has no effect on WinXP SP2 RC2 (German) // Internet Explorer 6 SP2! - The new security central icon appears and opens a new line under the address field. It shows a message indicating that IE does not display active contents that could access the computer. You can allow blocked contend (after a second warning that the script could harm the computer) but this has no effect to IE at all. This problem and many other security bugs and null-pointer exceptions seemes to be resolved with the upcoming SP2. Regards Marco Ellmann
-----Ursprüngliche Nachricht----- Von: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] Im Auftrag von Berend-Jan Wever Gesendet: Sonntag, 11. Juli 2004 09:29 An: full-disclosure () lists netsys com; bugtraq () securityfocus com Betreff: [Full-Disclosure] I small poem in JScript I just wrote a small poem in JScript: <SCRIPT language="javascript"> MSIE = window.open; // for hackers to come in for (every_bug_found in MSIE) { /* there are zillions more hiden */ } </SCRIPT> Ok, so it doen't rhyme... but it is another null-pointer exception DoS in MSIE 6.0sp1 (fully patched) ;) Cheers, SkyLined _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- I small poem in JScript Berend-Jan Wever (Jul 11)
- Re: I small poem in JScript Jordan Cole (stilist) (Jul 11)
- Re: I small poem in JScript Chris (Jul 11)
- RE: I small poem in Jscript // No effect on XP SP2 ! iss (Jul 12)
- Re: I small poem in JScript Jordan Cole (stilist) (Jul 12)