BugTraq
Back to list
|
Post reply
Re: New URL spoofing bug in Microsoft Internet Explorer
Nov 11 2004 09:15PM
http-equiv (at) excite (dot) com [email concealed] (1 malware com)
Since we're going the whole nine yards here, let's toss in the following
as well:
1. This will of course give a different reading in the status bar
2. More importantly it will bypass the so-called 'popup blocker' in IE XP
SP2
It's a hand-made Excel spreadsheet using OWC11 for Office 2003. One might
suspect that the older versions will function the same.
[screenshot: http://www.malware.com/xcellente.png 5 KB]
Perhaps someone with more knowledge can get it to automate:
'foo.ActiveCell.openHyperlink
'foo.Worksheets(1).Hyperlinks(1).Follow
Then you're back in the popup business.
Raw functional incomplete demo here:
[OWC11: switch on your IE popup blocker]
http://www.malware.com/xcellent.html
--
http://www.malware.com
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
Since we're going the whole nine yards here, let's toss in the following
as well:
1. This will of course give a different reading in the status bar
2. More importantly it will bypass the so-called 'popup blocker' in IE XP
SP2
It's a hand-made Excel spreadsheet using OWC11 for Office 2003. One might
suspect that the older versions will function the same.
[screenshot: http://www.malware.com/xcellente.png 5 KB]
Perhaps someone with more knowledge can get it to automate:
'foo.ActiveCell.openHyperlink
'foo.Worksheets(1).Hyperlinks(1).Follow
Then you're back in the popup business.
Raw functional incomplete demo here:
[OWC11: switch on your IE popup blocker]
http://www.malware.com/xcellent.html
--
http://www.malware.com
[ reply ]