<div>Not to throw fuel on the fire, but wouldn't that XSS actually be in IE, since IE is what opens the file? Could've been a funny joke though, a real knee slapper.</div>
<div> </div>
<div>Nate<br><br> </div>
<div><span class="gmail_quote">On 1/17/08, <b class="gmail_sendername">Fredrick Diggle</b> &lt;<a href="mailto:fdiggle@gmail.com">fdiggle@gmail.com</a>&gt; wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">#######################################################################<br><br> Fredrick Diggle Security Advisory
<br><br>Application: Notepad<br>Versions: 5.1.2600.2180 verified to be vulnerable<br>Platforms: Microsoft Windows (All Versions)<br>Bugs: Cross Site Scripting (XSS)<br>Severity: Critically High<br>Date: 17 Jan 2008<br>Credit: Estr Hinan
<br><br>#######################################################################<br><br>1) Introduction<br>2) Bugs<br>4) Fix<br><br>#######################################################################<br><br>===============
<br>1) Introduction<br>===============<br><br>Fredrick Diggle Security Services is probably the best application<br>security researchers on the scene this month. They have identified<br>several hundred thousand vulnerabilities this week for which Priv8
<br>0dayz have been developed. Fredrick Diggle Security Team periodically<br>releases several of these vulnerabilities to the community at large<br>(Pre Vendor Release!!!!). Fred Diggle would like to ensure that you<br>understand this is 0DAY!!!. The vendors are completely unaware of these
<br>vulnerabilities.<br><br>#######################################################################<br><br>=======<br>2) Bug<br>=======<br><br>Notepad is a utility which is built into all current versions of<br>Microsoft Windows. Notepad contains a highly exploitable stored
<br>cross-site scripting vulnerability when files are saved with the<br>following extensions:<br><br>htm<br>html<br><br>Other extensions may also be vulnerable in your environment depending<br>on configuration. When arbitrary javascript code is entered into the
<br>notepad text window and saved using one of the vulnerable extensions a<br>payload file is created. When an innocent user opens this payload file<br>cross-site scripting occurs.<br><br>#######################################################################
<br><br>=======<br>3) Proof of Concept<br>=======<br><br>1. Open Notepad<br>2. Enter the following text<br>&lt;script&gt;alert("xss");&lt;/script&gt;<br>3. Save file as "exploit.html"<br>4. double click the payload file
<br><br>#######################################################################<br><br>======<br>4) Fix<br>======<br><br>Notepad should be rewritten to filter potentially dangerous<br>characters. Characters can be converted to their html encoded
<br>equivalents.<br><br>#######################################################################<br><br>_______________________________________________<br>Full-Disclosure - We believe in it.<br>Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html">
http://lists.grok.org.uk/full-disclosure-charter.html</a><br>Hosted and sponsored by Secunia - <a href="http://secunia.com/">http://secunia.com/</a><br></blockquote></div><br>