Georgi Guninski security advisory #71, 2004
Yet another IE aperture
tested on patched IE on win2k and xp
Date: 7 October 2004
Update: 9 October 2004. Greymagic have disclosed the same bug in 2002 - http://www.greymagic.com/security/advisories/gm009-ie/ . The bug is still functional.
This Advisory is Copyright (c) 2004 Georgi Guninski. You may not modify it and distribute it or distribute parts of it without the author's written permission - this especially applies to so called "vulnerabilities databases" and securityfocus, microsoft, cert and mitre.
If you want
Anything in this document may change without notice. The information in this advisory is believed to be true; it may be false. The opinions expressed in this advisory and program are my own and not of any company. The usual standard disclaimer applies, especially the fact that Georgi Guninski is not liable for any damages caused by direct or indirect use of the information or functionality provided by this advisory or program. Georgi Guninski bears no responsibility for content or this advisory or program or any derivatives
By opening HTML in IE it is possible to read at least well-formed XML from arbitrary servers. The information may then be transmitted elsewhere.
<script id="x1" language="xml"
Georgi Guninski

Cannot be used in any database
redir.pl does an HTTP redirect.
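The aperture the advisory describes is an IE XML "data island" (a script element with language="xml") whose source is served through an HTTP redirect such as redir.pl, so the HTML alone never shows which host the XML really comes from. The following is an added example, not part of Guninski's advisory or proof of concept: a defender-side check that a proxy or content filter could run, combining the island tags found in a page with a log of the redirects the proxy observed, and flagging islands whose final URL lands on a different host than the page. The src attribute (the advisory's element fragment is cut off before it), the page URL, the hostnames and the redirect log are all constructed for the example.

```python
"""Flag IE XML data islands whose source, after redirects, comes from another host.

Added example (not from the advisory). Assumptions: the script element carries
a src attribute, and the redirect behaviour is known from a proxy log keyed by
request URL -> (status, Location). All sample values below are constructed.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class XmlIslandFinder(HTMLParser):
    """Collect the attributes of every <script ... language="xml"> element."""

    def __init__(self):
        super().__init__()
        self.islands = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        if a.get("language", "").lower() == "xml":
            self.islands.append(a)


def follow_redirects(url, redirect_log, max_hops=5):
    """Resolve url through the proxy's redirect log; stop at a non-redirect or after max_hops."""
    hops = 0
    while url in redirect_log and hops < max_hops:
        status, location = redirect_log[url]
        if status not in (301, 302, 303, 307, 308):
            break
        url = urljoin(url, location)  # Location may be relative
        hops += 1
    return url


def xml_island_origins(page_url, html, redirect_log):
    """Return (island id, final fetched URL or None, cross_origin) for each XML island.

    cross_origin is True when the URL the browser would actually receive the XML
    from (after redirects) is on a different host than the page itself.
    """
    finder = XmlIslandFinder()
    finder.feed(html)
    page_host = urlsplit(page_url).netloc.lower()
    result = []
    for a in finder.islands:
        src = a.get("src")
        if not src:
            result.append((a.get("id", ""), None, False))  # inline island, nothing fetched
            continue
        final = follow_redirects(urljoin(page_url, src), redirect_log)
        cross = urlsplit(final).netloc.lower() != page_host
        result.append((a.get("id", ""), final, cross))
    return result


# Constructed sample page: x0 is inline, x1 loads a same-host file directly,
# x2 loads a same-host redirector (the advisory's redir.pl pattern).
SAMPLE_HTML = """<html><body>
<script id="x0" language="xml"><data/></script>
<script id="x1" language="xml" src="/local.xml"></script>
<script id="x2" language="xml" src="redir.pl"></script>
</body></html>"""

# Constructed proxy log: the redirector answers 302 to an XML file on another host.
REDIRECT_LOG = {
    "http://page.example/redir.pl": (302, "http://intranet.example/data.xml"),
}

if __name__ == "__main__":
    for island_id, final, cross in xml_island_origins(
        "http://page.example/page.html", SAMPLE_HTML, REDIRECT_LOG
    ):
        print(f"{island_id:>3} {'CROSS-HOST' if cross else 'same-host':10} {final}")
```

The point of resolving through the redirect log rather than looking only at the src attribute is that, in the advisory's setup, the src itself is same-host (redir.pl) and only the redirect target reveals the foreign XML being pulled into the page; a filter that inspects the HTML alone would report nothing.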