RE: IE without Images

[Nighttwix () gmx de]

hello

when i try to download the attachment my norton antivirus 2002 pops-up with
a 'xmlid.exploit' warning.
a quick look at the symantecs website shows following result:
http://securityresponse.symantec.com/avcenter/venc/data/xmlid.exploit.html

so its seems to be exploitable



> I've attached a new error.txt that, when renamed to error.jpg, gives me
> the following error:
>
> The XML page cannot be displayed 
> Cannot view XML input using style sheet. Please correct the error and
> then click the Refresh button, or try again later. 
>
>
> ------------------------------------------------------------------------
> --------
>
> An invalid character was found in text content. Error processing
> resource 'file:///C:/error.jpg'. 
>
> This seems to indicate that the jpg is indeed being executed as XML. I
> can't figure out how to get rid of this 'invalid character', though. I
> don't have much XML experience, and I may be missing something simple.
>
> Also, this is on IE6 / WinXP Pro, both fully patched and supposedly not
> vulnerable to the sample exploit I pasted in for the body. I don't know
> if this has anything to do with the error I'm getting, though. I
> couldn't find a cut-and-paste pure XML example that would pop up a
> dialog box or some such, and changing the content after the first XML
> header line from the original error.txt still gives me this error.

-- 
GMX - Die Kommunikationsplattform im Internet.
http://www.gmx.net