All the Perl that's Practical to Extract and Report

XML used in new vulnerability

Matts on 2002-03-04T11:34:23

So the latest exploit in MS IE, and MS Outlook use XML. So that's kinda fun.

Basically an MS XML Data Island can be used to hold a CDATA section with a tag in the text part. Then IE can use that CDATA section output in the browser to get the browser to load up an activeX control, bypassing IE's security settings. Sweeeeeet.

Also I see that Macromedia Flash 5 allows you to save the current timeline to disk, however if you hack the Flash to put a .bat file in the timeline portion of the file, then you can write a .bat file out to disk. Even in the Start folder of Windows. Sweeeeeet. Yet another argument for SVG :-)

MSXML is bad, m'okay?

jjohn on 2002-03-04T13:58:27

I'm uncertain XML, the language, is responsible for this exploit so much as the XML parser that IE uses. Still, I suppose that this is a point of maturity for XML -- the .NET virus maker!

Re:MSXML is bad, m'okay?

Matts on 2002-03-04T14:26:13

The vulnerability is actually in the data islands system, which obviously bypasses the traditional security settings.

I always thought this (XML data islands) was a bad idea.