Slash Boxes
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

use Perl Log In

Log In

[ Create a new account ]

Matts (1087)

  (email not shown publicly)

I work for MessageLabs [] in Toronto, ON, Canada. I write spam filters, MTA software, high performance network software, string matching algorithms, and other cool stuff mostly in Perl and C.

Journal of Matts (1087)

Monday March 04, 2002
06:34 AM

XML used in new vulnerability

[ #3279 ]

So the latest exploit in MS IE, and MS Outlook use XML. So that's kinda fun.

Basically an MS XML Data Island can be used to hold a CDATA section with a tag in the text part. Then IE can use that CDATA section output in the browser to get the browser to load up an activeX control, bypassing IE's security settings. Sweeeeeet.

Also I see that Macromedia Flash 5 allows you to save the current timeline to disk, however if you hack the Flash to put a .bat file in the timeline portion of the file, then you can write a .bat file out to disk. Even in the Start folder of Windows. Sweeeeeet. Yet another argument for SVG :-)

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
More | Login | Reply
Loading... please wait.
  • I'm uncertain XML, the language, is responsible for this exploit so much as the XML parser that IE uses. Still, I suppose that this is a point of maturity for XML -- the .NET virus maker!
    • The vulnerability is actually in the data islands system, which obviously bypasses the traditional security settings.

      I always thought this (XML data islands) was a bad idea.