Re: Winnt/Win2k Vuln ?

From: sween (sweenat_private)
Date: Mon Aug 13 2001 - 10:49:34 PDT

  • Next message: Ofir Arkin: "X White Paper Released"

    Remember this?
    
    I remember this as a L0pht (@stake) advisory from back in the day...
    
    <SCRIPT LANGUAGE=VBScript>
            Set WWObj = CreateObject("Word.Document")
            WWObj.SaveAs("c:\windows\desktop\www.google.com")
            </SCRIPT>
    
    can it be used in any sort of fashion in this vulnerability???
    
    
    On Mon, 13 Aug 2001 martin.goudreaultat_private wrote:
    
    > 
    > 
    > Hi All,
    > 
    > You can also do the same thing with files that are associated: *.doc (will open
    > Word), *.xls (will open Excel), *.mdb (will open Access) and so on...
    > 
    > Try this: Create a word document (or excel sheet) with an automacro, copy it to
    > your desktop, rename it to whatever URL you want, open IE and type that
    > address...voila... (worked here!)
    > 
    > Harmful you say... Yeesh
    > 
    > Just my two cents worth...
    > 
    > Martin Goudreault
    > Senior Systems Support
    > Bombardier - AeroSpace
    > St-Laurent, Qc, Canada
    > (514) 855-5001 x55488
    > 
    > 
    > 
    > 
    
    
    --
    
     ---  -sween                               
    | M | http://www.modelm.org                 
     ---  "force feedback computing since 1984."
    <meta name="MSSmartTagsPreventParsing" content="TRUE">
    



    This archive was generated by hypermail 2b30 : Mon Aug 13 2001 - 18:24:17 PDT