[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 3 Apr 2007 22:41:03 -0400
From: "Larry Seltzer" <Larry@...ryseltzer.com>
To: "Alexander Sotirov" <asotirov@...ermina.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Windows .ANI LoadAniIcon Stack Overflow
>>Larry, why are you so curious about how this exploit works?
Because the Firefox docs say they don't support ANI files for cursors
and I can't get any non-malicious ones to work in it. I have to admit
I'm having trouble getting them to work in IE now too.
What's wrong with this code?
<HTML>
<BODY>
<style type="text/css">
BODY{cursor: url(http://www.larryseltzer.com/DRUM.ANI);}
</style>
This is a harmless animated cursor.<br>
This is a harmless animated cursor.<br>
This is a harmless animated cursor.<br>
This is a harmless animated cursor.<br>
</BODY></HTML>
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.eweek.com/blogs/larry%5Fseltzer/
Contributing Editor, PC Magazine
larryseltzer@...fdavis.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists