`Details and PoC code for MSIE DHTML Object handling vulnerabilities are available online at my website:
Note: page is not up-to-date, since it was written in August/September 2004. Additional information will be added when found during testing of MS05-20 patch.
PS. I was pretty surprised nobody asked me why I went from Internet Exploiter 1 to Internet Exploiter 3.... so now you know.
/ Berend-Jan Wever aka SkyLined )
/ firstname.lastname@example.org / \
/ http://www.edup.tudelft.nl/~bjwever / /
/ PGP key ID 0x48479882 / /
/ .----. , / /
/ ( ' / / . __ __/ / /
/ `'-._ /.' | / / / ( / /_.'.' / / /
( ) / ) |/ / / / ) (__ (__/ / /
\-------' ------` '-----------------< /
The information contained in this e-mail, if any, is often incorrect and
probably plagiarized. It is intended solely for the amusement of the addressee.
If you are not the intended recipient, my bad. Any action taken or omitted to
be taken in reliance on the information in this message is your problem. Please
notify me immediately if you have received it in error by reply e-mail and then
delete this message from your system and any files in it's vicinity.
I endeavour to ensure that my emails and any attachments are free from viruses,
content, value or other contaminants. However, I cannot accept any
responsibility might something worthwhile accidentally slip in. I therefore
recommend you do not read them at all just to be sure.
Please note that the statements and views expressed in this email and any
attachments are completely chosen at random by the author and do not
necessarily represent anything coherent, relevant or usefull.