The following security vulnerability has been found in
Microsoft Internet Explorer version 5.5
When "" (an undisplayable character, which is
eaqual to the 1st caharacter in ASCII table - after the
0th...) inserted in some strategic position in
or to the IFRAMES DOM, cookies from other
The "" character also can be replaced by ...
The original "%01" bug was found by Georgi Guninski
in various versions of IE and was patched later...
IE5.5 seemed that it is immune to the aforementioned
But when the transformation done, it reveals
There is another strange behaviour of IE that I came
When "%01" inserted in a script IE never loads the
page fully, it does not display error message in most
cases either.It seems that it is in an infinite loop
between the task "Load the page" and "Don't load the
page if it contains 'somewhere' '%01'..." This inspired
me that '%01' has still a special meaning to the
newest version of IE....
There are many CODES that can be applied... you
can see them at http://horoznet.com/AlpSinan
Just one of them: this code will access Cookies of
(before testing this code replace ! with i in the script
"I in formed MICROSOFT security team via email but
until now no feedback appeared"
Demonstration can be found at