OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Re: [Full-disclosure] Concurrency strikes MSIE (potentially exploitablemsxml3 flaws)

From: Michal Zalewski (lcamtufdione.ids.pl)
Date: Thu Jan 04 2007 - 16:51:30 CST


On Thu, 4 Jan 2007, Larry Seltzer wrote:

> I hope you're still not angry!

It took months of therapy, but I recovered ;)

> I just tried your demo on IE7. It took a while longer but does seem to
> have locked up. Were you looking at IE6 or IE7, and is the behavior any
> different?

I tested several installations of IE6, but I wouldn't expect there to be
differences (the flaw directly affects a XML rendering library that is
probably identical for both versions).

/mz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/