[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 11 Nov 2004 21:15:12 -0000
From: "http-equiv@...ite.com " <1@...ware.com>
To: <bugtraq@...urityfocus.com>
Cc: <NTBugtraq@...tserv.ntbugtraq.com>
Subject: Re: New URL spoofing bug in Microsoft Internet Explorer
Since we're going the whole nine yards here, let's toss in the following
as well:
1. This will of course give a different reading in the status bar
2. More importantly it will bypass the so-called 'popup blocker' in IE XP
SP2
It's a hand-made Excel spreadsheet using OWC11 for Office 2003. One might
suspect that the older versions will function the same.
[screenshot: http://www.malware.com/xcellente.png 5 KB]
Perhaps someone with more knowledge can get it to automate:
'foo.ActiveCell.openHyperlink
'foo.Worksheets(1).Hyperlinks(1).Follow
Then you're back in the popup business.
Raw functional incomplete demo here:
[OWC11: switch on your IE popup blocker]
http://www.malware.com/xcellent.html
--
http://www.malware.com
Powered by blists - more mailing lists