Back to list
MS14-010 CVE-2014-0293 Technical Details and Code(I changed the web permanently)
Mar 25 2014 01:01PM
Dieyu (dieyu dieyu org)
Check "Acknowledgments" for "CVE-2014-0293".
It says "Dieyu" and links to my website http://dieyu.org/
showModalDialog to keep script running, HTTP redirecting to target domain.
Then script will run in target domain.
This is the file that I sent to Microsoft:
This is exactly the XSS vulnerability that made IE fall in 2004:
"US Government warns against Internet Explorer"
"Vulnerability Note VU#713878", "HTTP Redirection", "showModalDialog"
Microsoft had not fixed it properly for a decade.
I am the original author of this vulnerability.
I made IE market share fall in 2004, and changed the web permanently.
Back then, there was no "Local Machine Zone Lockdown", and XSS could get remote code execution.
Dieyu dieu deus deva divine dio theos dievas dewa ilu Diyin AyÃ³o ÃtÊ¼Ã©ii atua tiÄnzhÅ Yahweh Zeus Odin El
It's cross "language family".
For English "divine", I could have chosen "deity".
For Chinese "tiÄnzhÅ", I could have chosen "tien"(å¤© Wade-Giles, meaning: sky/god/day).
If you know EXACTLY what this means, please reply this message.
"tasted the heavenly gift ... fallen away")
This is the ultimate wisdom:
You will learn the ultimate wisdom from 6 sources - east and west.
It should cost 10 minutes(max). View inithorn.txt first.
Got this name "Dieyu" from sky when I was born:
There was an extremely huge butterfly("die"), and extremely heavy rain("yu").
Follow Dieyu at Twitter: https://twitter.com/liudieyu
[ reply ]
Copyright 2010, SecurityFocus