[Full-disclosure] Concurrency strikes MSIE (potentially exploitablemsxml3 flaws)

[Michal Zalewski]

On Thu, 4 Jan 2007, Larry Seltzer wrote:

> I hope you're still not angry!

It took months of therapy, but I recovered ;)

> I just tried your demo on IE7. It took a while longer but does seem to
> have locked up. Were you looking at IE6 or IE7, and is the behavior any
> different?

I tested several installations of IE6, but I wouldn't expect there to be
differences (the flaw directly affects a XML rendering library that is
probably identical for both versions).

/mz