[30965] in bugtraq
Re: IE6 SP1 - Trivial Crash
daemon@ATHENA.MIT.EDU (MARLON BORBA)
Wed Jul 30 14:38:52 2003
Message-Id: <sf26a6f0.091@trf3.gov.br>
Date: Tue, 29 Jul 2003 16:54:22 -0300
From: "MARLON BORBA" <MBORBA@trf3.gov.br>
To: <bugtraq@securityfocus.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
confirmed here. windows 2000 and ie with their latest service packs.
as a side note, tested with mozilla. at first nothing strange seen (it
even displays a message saying '1.html - file not found'), but when i
select 'view/page source', it quickly crashes.
bye,
marlon.
>>> "James Wolfe" <james@quicsolutions.com> 07/29 11:06 am >>>
Overview/Description:
In March of 2000, someone posted to bugtraq a flaw in the MS
Outlook
Express ActiveX control which allowed for "the reading of any file on
the
users machine." My guess is that MS, in an attempt to bugfix it, didnt
debug
properly and left the following new bug.
