[33573] in bugtraq
Re: Possible new cross zone scripting in IE
daemon@ATHENA.MIT.EDU (http-equiv@excite.com)
Tue Feb 10 13:21:35 2004
Message-Id: <200402101728.i1AHSUcA017333@web174.megawebservers.com>
To: <bugtraq@securityfocus.com>
Date: Tue, 10 Feb 2004 17:28:30 -0000
From: "http-equiv@excite.com" <1@malware.com>
Cc: <NTBugtraq@listserv.ntbugtraq.com>
Reply-To: 1@malware.com
<!--
Cheng Peng Su Wrote:
<a href="shell:My Music"
-->
Excellent! The revival of the Pull's shell game:
"directoryInfo.html", i.e. the "file://::{CLSID}"
[see: http://www.securityfocus.com/bid/3867/]
The following on this so-called Microsoft Windows XP machine:
Control Panel
Administrative Tools
Cache
CD Burning
Cookies
Desktop
Favorites
Fonts
History
Application Data
Local Settings
My Music
My Pictures
My Video
NetHood
Personal [my documents]
PrintHood
Programs
Recent
SendTo
Start Menu
Startup
Templates
http://www.malware.com/shell.game.html
"Cache" can be very interesting
--
http://www.malware.com
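
An added example, not part of the original message: a Python filter that a mail or web gateway could run over HTML to flag URL attributes using the shell: form quoted above or the file://::{CLSID} form. The attribute set, the label names and the sample HTML are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
# Names the post lists as working after "shell:", lowercased for matching.
NAMES_FROM_POST = {
    "control panel", "administrative tools", "cache", "cd burning", "cookies",
    "desktop", "favorites", "fonts", "history", "application data",
    "local settings", "my music", "my pictures", "my video", "nethood",
    "personal", "printhood", "programs", "recent", "sendto", "start menu",
    "startup", "templates",
}
URL_ATTRS = {"href", "src", "action", "data", "background"}  # assumed set
CLSID_URL = re.compile(r"^file:/*::\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}")
CONTROL_OR_SPACE = re.compile(r"[\x00-\x20]")

def classify(url):
    """Return a finding label for one URL attribute value, or None."""
    lowered = url.lower()
    # Drop whitespace/control bytes for the scheme test only: folder names contain spaces.
    compact = CONTROL_OR_SPACE.sub("", lowered)
    if compact.startswith("shell:"):
        rest = lowered.split(":", 1)[1]
        name = " ".join(re.split(r"[\\/]", rest, maxsplit=1)[0].split())
        return "shell-known" if name in NAMES_FROM_POST else "shell-other"
    if CLSID_URL.match(compact):
        return "file-clsid"
    return None

class LinkScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, tag, attribute, label, raw value)
    def handle_starttag(self, tag, attrs):
        for attr, value in attrs:
            label = classify(value) if attr in URL_ATTRS and value else None
            if label:
                self.findings.append((self.getpos()[0], tag, attr, label, value))

def scan(html):
    scanner = LinkScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample input; the all-zero CLSID is a placeholder.
SAMPLE = """<a href="shell:My Music">one</a>
<a href=" SHELL&#58;Cache">two</a>
<a href="file://::{00000000-0000-0000-0000-000000000000}">three</a>
<img src="shell:something else">
<a href="http://example.com/shell:My Music">four</a>"""
```

Calling scan(SAMPLE) returns one tuple per flagged attribute; the last link is not flagged because "shell:" appears only in its path, not as the scheme.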