Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: I small poem in Jscript // No effect on XP SP2 !
From: <iss () uni de>
Date: Mon, 12 Jul 2004 14:27:32 +0200

Hmm, it has no effect on WinXP SP2 RC2 (German) // Internet Explorer 6 SP2!
- The new security central icon appears and opens a new line under the
address field. It shows a message indicating that IE does not display active
contents that could access the computer. You can allow blocked contend
(after a second warning that the script could harm the computer) but this
has no effect to IE at all.

This problem and many other security bugs and null-pointer exceptions seemes
to be resolved with the upcoming SP2.

Regards

Marco Ellmann


-----Urspr√ľngliche Nachricht-----
Von: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] Im Auftrag
von Berend-Jan Wever
Gesendet: Sonntag, 11. Juli 2004 09:29
An: full-disclosure () lists netsys com; bugtraq () securityfocus com
Betreff: [Full-Disclosure] I small poem in JScript

I just wrote a small poem in JScript:

<SCRIPT language="javascript">

  MSIE = window.open; // for hackers to come in
  for (every_bug_found in MSIE) { /* there are zillions more
hiden */ }

</SCRIPT>

Ok, so it doen't rhyme... but it is another null-pointer
exception DoS in MSIE 6.0sp1 (fully patched) ;)

Cheers,
SkyLined

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault