lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Tue, 12 Apr 2005 22:57:18 +0200
From: "Berend-Jan Wever" <skylined@...p.tudelft.nl>
To: "full-disclosure" <full-disclosure@...ts.grok.org.uk>,
	<bugtraq@...urityfocus.com>
Subject: Details and PoC for MS05-020 MSIE DHTML Object
	handling vulnerabilities


Details and PoC code for MSIE DHTML Object handling vulnerabilities are available online at my website:
http://www.edup.tudelft.nl/~bjwever
Note: page is not up-to-date, since it was written in August/September 2004. Additional information will be added when found during testing of MS05-20 patch.

Cheers,
SkyLined

PS. I was pretty surprised nobody asked me why I went from Internet Exploiter 1 to Internet Exploiter 3.... so now you know.

                        .-----------------------------------,
                       / Berend-Jan Wever aka SkyLined       )
                      / skylined@...p.tudelft.nl            / \
                     / http://www.edup.tudelft.nl/~bjwever /  /
                    / PGP key ID 0x48479882               /  /
                   / .----.            ,                 /  /
                  / (      '  /       /  .     __   __/ /  /
                 /   `'-._   /.' | / /  / ( / /_.'.' / /  /
                (         ) / )  |/ /  / / ) (__ (__/ /  /
                 \-------' ------` '-----------------<  /
                  \______.`\______\/\_________________\/


The information contained in this e-mail, if any, is often incorrect and
probably plagiarized. It is intended solely for the amusement of the addressee.
If you are not the intended recipient, my bad. Any action taken or omitted to
be taken in reliance on the information in this message is your problem. Please
notify me immediately if you have received it in error by reply e-mail and then
delete this message from your system and any files in it's vicinity.

I endeavour to ensure that my emails and any attachments are free from viruses,
content, value or other contaminants. However, I cannot accept any
responsibility might something worthwhile accidentally slip in. I therefore
recommend you do not read them at all just to be sure.

Please note that the statements and views expressed in this email and any
attachments are completely chosen at random by the author and do not
necessarily represent anything coherent, relevant or usefull.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ