> From: Julian Hall > > Georgi Guninski security advisory #50, 2001 > > Image moving over download/open dialog: > > http://www.guninski.com/opf2.html > > BSOD emulation: > > http://www.guninski.com/bsod1.html > > Neither of these demonstrations function correctly in IE 5.0; > they produce script > error message boxes, reporting that the 'object does not > support the requested > method'. I don't know whether that means IE 5.0 isn't > vulnerable or not... It means that Guninski used the popup object in his examples, which was first introduced in IE5.5+ - using chromeless window objects will yield the same results in IE4+. The advisory still holds, the example was just flawed. Regards Thor Larholm Jubii A/S - Internet Programmer
