[22963] in bugtraq


Re: Javascript in IE may spoof the whole screen

daemon@ATHENA.MIT.EDU (Julian Hall)
Tue Oct 23 16:33:30 2001

Message-ID: <3BD5AEBA.246991BF@acris.co.uk>
Date: Tue, 23 Oct 2001 18:54:03 +0100
From: Julian Hall <jules@acris.co.uk>
MIME-Version: 1.0
To: guninski@guninski.com
Cc: Bugtraq <BUGTRAQ@securityfocus.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit



Georgi Guninski wrote:

> Georgi Guninski security advisory #50, 2001
>
> Javascript in IE may spoof the whole screen
>
> Systems affected:
> IE 5.5/6.0 on Windows, probably earlier versions

[...]

>
> Demonstration:
>
> Image moving over download/open dialog:
> http://www.guninski.com/opf2.html
> BSOD emulation:
> http://www.guninski.com/bsod1.html

Neither of these demonstrations functions correctly in IE 5.0; they produce script
error message boxes, reporting that the 'object does not support the requested
method'.  I don't know whether that means IE 5.0 isn't vulnerable or not...


