Vulnerability Development mailing list archives
RE: IE without Images
From: Nighttwix () gmx de
Date: Sun, 1 Sep 2002 11:08:15 +0200 (MEST)
Hello,

When I try to download the attachment, my Norton AntiVirus 2002 pops up with a 'xmlid.exploit' warning. A quick look at Symantec's website shows the following result:

http://securityresponse.symantec.com/avcenter/venc/data/xmlid.exploit.html

So it seems to be exploitable.
I've attached a new error.txt that, when renamed to error.jpg, gives me the following error:

The XML page cannot be displayed
Cannot view XML input using style sheet. Please correct the error and then click the Refresh button, or try again later.
--------------------------------------------------------------------------------
An invalid character was found in text content. Error processing resource 'file:///C:/error.jpg'.

This seems to indicate that the jpg is indeed being executed as XML. I can't figure out how to get rid of this 'invalid character', though. I don't have much XML experience, and I may be missing something simple.

Also, this is on IE6 / WinXP Pro, both fully patched and supposedly not vulnerable to the sample exploit I pasted in for the body. I don't know if this has anything to do with the error I'm getting, though. I couldn't find a cut-and-paste pure XML example that would pop up a dialog box or some such, and changing the content after the first XML header line from the original error.txt still gives me this error.