| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200411112115.iABLFDFW027590@web170.megawebservers.com> Date: Thu, 11 Nov 2004 21:15:12 -0000 From: "http-equiv@...ite.com " <1@...ware.com> To: <bugtraq@...urityfocus.com> Cc: <NTBugtraq@...tserv.ntbugtraq.com> Subject: Re: New URL spoofing bug in Microsoft Internet Explorer Since we're going the whole nine yards here, let's toss in the following as well: 1. This will of course give a different reading in the status bar 2. More importantly it will bypass the so-called 'popup blocker' in IE XP SP2 It's a hand-made Excel spreadsheet using OWC11 for Office 2003. One might suspect that the older versions will function the same. [screenshot: http://www.malware.com/xcellente.png 5 KB] Perhaps someone with more knowledge can get it to automate: 'foo.ActiveCell.openHyperlink 'foo.Worksheets(1).Hyperlinks(1).Follow Then you're back in the popup business. Raw functional incomplete demo here: [OWC11: switch on your IE popup blocker] http://www.malware.com/xcellent.html -- http://www.malware.com
Powered by blists - more mailing lists