Had a mistake in my code o well. Works now PoC: http://www.michaelevanchik.com/security/microsoft/ie/xss/index.html
http://www.michaelevanchik.com/security/microsoft/ie/xss/writehta.txt <-- avp's should add this Here is some new adodb code AVP's should add. No longer needed to connect to external source. Malicious recordset can be built locally. www.michaelevanchik.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
