No subject

Thu Apr 10 10:11:33 CDT 2008

"Quite a long time ago I contacted Microsoft regarding what I thought was a XSS vulnerability in IE.

Microsoft disagreed, preferring to call it a 'feature'.

This feature allows javascript embedded into GIF files to be executed under certain circumstances. The javascript may point to an alternate domain (as is the case with XXS vulnerabilities)."

More at


More information about the funsec mailing list