"Alla Bezroutchko" wrote:> Also interesting that they don't use
"a {behavior:url(#default#AnchorClick);}"
in this exploit which seems to be an essential part of http-equiv's and mikx's exploits.
The key to all this exploits is drag'n'drop access to a local directory.
Since WinXP SP2 it's not possible to use "shell:startup" as src for an iframe, but it's possible to circumvent this restriction by using the AnchorClick behavior.
mikx
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html