
MS14-010 CVE-2014-0293 Technical Details and Code (I changed the web permanently)

Visit http://technet.microsoft.com/en-us/security/bulletin/ms14-010
Check "Acknowledgments" for "CVE-2014-0293".
It says "Dieyu" and links to my website http://dieyu.org/

Technical Details:
showModalDialog is used to keep the script running while HTTP redirecting to the target domain.
The script will then run in the target domain.

This is the file that I sent to Microsoft:
SHA1: f50b5aebdc7cd0a62f1ed97d776fe4b7fa47260e
MD5: bfdaa2a329ea639a363a4ba8c294f706

Best Wishes,


This is exactly the XSS vulnerability that made IE fall in 2004:
"US Government warns against Internet Explorer"
"Vulnerability Note VU#713878", "HTTP Redirection", "showModalDialog"
Microsoft had not fixed it properly for a decade.
I am the original author of this vulnerability.
I made IE market share fall in 2004, and changed the web permanently.
Back then, there was no "Local Machine Zone Lockdown", and XSS could get remote code execution.

Dieyu dieu deus deva divine dio theos dievas dewa ilu Diyin Ayóo Átʼéii atua tiānzhŭ Yahweh Zeus Odin El
It's cross "language family".
For English "divine", I could have chosen "deity".
For Chinese "tiānzhŭ", I could have chosen "tien" (天 Wade-Giles, meaning: sky/god/day).

If you know EXACTLY what this means, please reply to this message.
"tasted the heavenly gift ... fallen away"

This is the ultimate wisdom:
SHA1: 0f8252760f9b43a48840fc3e6f5a2c3c6a9846ec
MD5: 1eccee83f4f9eeab95415f1bfd8ce5bd
You will learn the ultimate wisdom from 6 sources - east and west.
It should take 10 minutes (max). View inithorn.txt first.

Got this name "Dieyu" from sky when I was born:
There was an extremely huge butterfly ("die"), and extremely heavy rain ("yu").

Follow Dieyu on Twitter: https://twitter.com/liudieyu