No subject


Thu Apr 10 10:11:33 CDT 2008


"Quite a long time ago I contacted Microsoft regarding what I thought was a XSS vulnerability in IE.

Microsoft disagreed, preferring to call it a 'feature'.

This feature allows javascript embedded into GIF files to be executed under certain circumstances. The javascript may point to an alternate domain (as is the case with XXS vulnerabilities)."
---clip---

More at
http://www.viruslist.com/en/weblog?calendar=2008-06

Juha-Matti


More information about the funsec mailing list