[11933] in bugtraq
Re: IE5 allows executing programs
daemon@ATHENA.MIT.EDU (Haxor, Wikit)
Thu Sep 16 20:28:31 1999
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <001f01bf007d$91f49320$64080518@cv1.sdca.home.com>
Date: Thu, 16 Sep 1999 12:56:30 -0700
Reply-To: broodahs@ZERG.COM
From: "Haxor, Wikit" <broodahs@ZERG.COM>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
another twist on this ie5 exploit
Mplayer (mplayer.com) offers a service where players can find other players
to play games. With a Plus (pay) account, you can force users to view a url
when entering a game lobby. Just have them look at a page with the ie5
exploit and boom... they have no choice when they enter the game lobby but
to get the exploit. mplayer uses the ie browser ocx's so if you have ie5
then you will be exploited. or add in the ie5 java boxes to ask for
username/password and you get a plus account...... for free. just a little
more mayhem to cause and more reason for a patch to be released
