Bugtraq mailing list archives
Re: Possible new cross zone scripting in IE
From: "http-equiv () excite com" <1 () malware com>
Date: Tue, 10 Feb 2004 17:28:30 -0000
<!-- Cheng Peng Su Wrote: <a href="shell:My Music" --> Excellent ! The revival of the Pull's shell game: "directoryInfo.html", ie the "file://::{CLSID}" [see: http://www.securityfocus.com/bid/3867/] The following on this so-called Microsoft Windows XP machine: Control Panel Administrative Tools Cache CD Burning Cookies Desktop Favorites Fonts History Application Data Local Settings My Music My Pictures My Video NetHood Personal [my documents] PrintHood Programs Recent SendTo Start Menu Startup Templates http://www.malware.com/shell.game.html "Cache" can be very interesting -- http://www.malware.com
Current thread:
- Possible new cross zone scripting in IE Cheng Peng Su (Feb 10)
- <Possible follow-ups>
- Re: Possible new cross zone scripting in IE http-equiv () excite com (Feb 10)