lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAA4nMfdrDfzUmGWYpeSwubl8KAAAAQAAAAADcgD22V102z4fBreGoH/AEAAAAA@uni.de>
From: iss at uni.de (iss@....de)
Subject: I small poem in Jscript // No effect on XP SP2 !

Hmm, it has no effect on WinXP SP2 RC2 (German) // Internet Explorer 6 SP2!
- The new security central icon appears and opens a new line under the
address field. It shows a message indicating that IE does not display active
contents that could access the computer. You can allow blocked contend
(after a second warning that the script could harm the computer) but this
has no effect to IE at all.

This problem and many other security bugs and null-pointer exceptions seemes
to be resolved with the upcoming SP2.

Regards

Marco Ellmann


> -----Ursprüngliche Nachricht-----
> Von: full-disclosure-admin@...ts.netsys.com
> [mailto:full-disclosure-admin@...ts.netsys.com] Im Auftrag
> von Berend-Jan Wever
> Gesendet: Sonntag, 11. Juli 2004 09:29
> An: full-disclosure@...ts.netsys.com; bugtraq@...urityfocus.com
> Betreff: [Full-Disclosure] I small poem in JScript
>
> I just wrote a small poem in JScript:
>
> <SCRIPT language="javascript">
>
>   MSIE = window.open; // for hackers to come in
>   for (every_bug_found in MSIE) { /* there are zillions more
> hiden */ }
>
> </SCRIPT>
>
> Ok, so it doen't rhyme... but it is another null-pointer
> exception DoS in MSIE 6.0sp1 (fully patched) ;)
>
> Cheers,
> SkyLined
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ