MSIE:patched&undisclosed XSS vuln
("that's all" is end of file if you are in a hurry)[tested] OS:Windows XP Professional Browser: MS Internet Explorer 6.0.2600.0000.xpclient.01087-1148 (without any patch) (note: it doesn't work on the patched MSIE) [demo] at http://www.safecenter.net/liudieyu/AutoScanJPU/AutoScanJPU-MyPage.htm or http://umbrella.mx.tc ==> "AutoScanJPU-MyPage" section [exp] window.external.AutoScan method can navigate other windows to somewhere, and it doesn't filter Javascript-protocol url. that's all. [how] http://www.safecenter.net/CrossZone/ie/UJPU.HTM [gossiping] does anyone here know other vulnz patched silently? greetings to: the Pull, dror, guninski and "Vadim Krochak" - and gean! best wishes die ------------------------ make notes easily! - http://www.safecenter.net/liudieyu/domex - http://domex.int.tc ------------------- all mentioned resources can be found at http://umbrella.mx.tc
