[Esd-l] New exploit to block

Bill Larson blarson at compu.net
Mon Mar 4 16:10:02 PST 2002

Ah good just ran across that today and wasn't sure about the object tags
from memory.

----- Original Message -----
From: "John D. Hardin" <jhardin at impsec.org>
To: "Bill Larson" <blarson at compu.net>
Cc: <Esd-l at spconnect.com>
Sent: Monday, March 04, 2002 5:55 PM
Subject: Re: [Esd-l] New exploit to block

> On Mon, 4 Mar 2002, Bill Larson wrote:
> > http://www.theregus.com/content/4/24206.html
> OBJECT tags have been defanged for a long time. If this worries you,
> make sure that you do not set $SECURITY_TRUST_HTML.
> --
>  John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
>  jhardin at impsec.org                       pgpk -a jhardin at wolfenet.com
>   768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76
>  1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
> -----------------------------------------------------------------------
>   In 1998 more than three times as many people in the US were killed
>   by incompetent physicians than were killed by handguns, yet the
>   President of the A.M.A. is adopting "gun safety" as his platform.
> -----------------------------------------------------------------------
>    974 days until the Presidential Election

More information about the esd-l mailing list