Hello Everyone-- I recently ran accross a feature in Internet Explorer 5.0 (Win32 only) which is not a threat per se, but might possibly be dangerous if not known about: IE 5 treats any file with the .hta extension as a fully trusted web application, and as such can do anything to your system that it wants. The danger in this is for an uneducated user to come accross one of these and execute it under the false impression that since it is not a .exe or .com it cannot execute arbitrary code on the machine. I have not heard of this being exploited, but in the past 2 days I have been writing VBScript that can nuke the filesystem or send email as the user via Outlook (unknown to the user). When IE5 encounters an HTA it prompts you if you would like to "Open from its current location" or "Save to hard disk" just like it was a normal executable file. HTAs stand for HTML Applications, and have full access to the system registry and any COM/DCOM objects in the system. I suggest that you tell anyone you know about these, since they have not been talked about very much, and the main risk imposed by these is no one knows WTF they are. If you have any questions, let me know, Thanks, Bryan D. Batchelder bbatchelderat_private 813-935-7100
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:54:31 PDT