Full Disclosure mailing list archives

Re: Comments on 5 IE vulnerabilities

From: Georgi Guninski <guninski () guninski com>
Date: Tue, 2 Dec 2003 19:12:30 +0200

On Mon, 1 Dec 2003 15:37:04 -0800
"Thor Larholm" <thor () pivx com> wrote:

Each and every command execution vulnerability in Internet Explorer over
the last few years have all depended on the functionality of local
security zones. Whenever you are crafting an exploit, you want to
navigate a window object to a local security zone, inject some scripting
or HTML into the window object and subsequently use the features of the


This is nonsense.

Comment on these ones:
http://www.guninski.com/iexla.html
http://www.guninski.com/signedactivex2.html
all the java stuff at:
http://www.guninski.com/browsers.html

there are much more, but i am too lazy to exploder crap for you.

georgi

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Comments on 5 IE vulnerabilities Thor Larholm (Dec 01)
- Re: Comments on 5 IE vulnerabilities Frank Knobbe (Dec 01)
  - Re: Comments on 5 IE vulnerabilities Bruce Ediger (Dec 01)
- Re: Comments on 5 IE vulnerabilities Cael Abal (Dec 01)
  - Re: Comments on 5 IE vulnerabilities Valdis . Kletnieks (Dec 04)
- Re: Comments on 5 IE vulnerabilities Jelmer (Dec 02)
- Re: Comments on 5 IE vulnerabilities Georgi Guninski (Dec 02)
- Re: Comments on 5 IE vulnerabilities John Sage (Dec 02)