[37317] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: New URL spoofing bug in Microsoft Internet Explorer

daemon@ATHENA.MIT.EDU (http-equiv@excite.com)
Thu Nov 11 17:23:19 2004

Message-Id: <200411112115.iABLFDFW027590@web170.megawebservers.com>
To: <bugtraq@securityfocus.com>
Date: Thu, 11 Nov 2004 21:15:12 -0000
From: "http-equiv@excite.com " <1@malware.com>
Cc: <NTBugtraq@listserv.ntbugtraq.com>
Reply-To: 1@malware.com

Since we're going the whole nine yards here, let's toss in the following 
as well:

1. This will of course give a different reading in the status bar
2. More importantly it will bypass the so-called 'popup blocker' in IE XP 
SP2

It's a hand-made Excel spreadsheet using OWC11 for Office 2003. One might 
suspect that the older versions will function the same.

[screenshot: http://www.malware.com/xcellente.png 5 KB]

Perhaps someone with more knowledge can get it to automate:

'foo.ActiveCell.openHyperlink
'foo.Worksheets(1).Hyperlinks(1).Follow

Then you're back in the popup business.

Raw functional incomplete demo here:
[OWC11: switch on your IE popup blocker]

http://www.malware.com/xcellent.html

-- 
http://www.malware.com


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[37317] in bugtraq

Re: New URL spoofing bug in Microsoft Internet Explorer

daemon@ATHENA.MIT.EDU (http-equiv@excite.com)Thu Nov 11 17:23:19 2004

daemon@ATHENA.MIT.EDU (http-equiv@excite.com)
Thu Nov 11 17:23:19 2004