let's crash office for macs with lamer HTML email

Kevin Robert Dean qualiall_2 at yahoo.com
Wed Apr 17 21:05:33 PDT 2002


--- kelley at pulpculture.org wrote:
> One more reason why HTML is lame, lame, lame!
>
>
> Security flaw in Microsoft Office for Mac
> By Robert Lemos
> Staff Writer, CNET News.com
> April 16, 2002, 5:15 PM PT
> http://news.com.com/2100-1001-884364.html
>

Let's crash Windows machines too with lamer javascript:

http://online.securityfocus.com/archive/1/267561 IE allows urls containing the javascript protocoll in the history list. Code injected in the url will operate in the same zone/domain as the last url viewed. The javascript url can be set to trigger when a user presses the backbutton.

The normal behaviour when a page fails to load is to press the backbutton. The error page shown by IE is operating in the local computer zone (res://C:\WINNT\System32\shdoclc.dll/dnserror.htm# on Win2000). Thus, we can execute code and read local files.

===== Kevin Dean Buffalo, NY ICQ: 8616001 AIM: KDean75206 Buffalo Activist Network http://www.buffaloactivist.net http://www.yaysoft.com

__________________________________________________ Do You Yahoo!? Yahoo! Tax Center - online filing with TurboTax http://taxes.yahoo.com/



More information about the lbo-talk mailing list