Remember this? I remember this as a L0pht (@stake) advisory from back in the day... <SCRIPT LANGUAGE=VBScript> Set WWObj = CreateObject("Word.Document") WWObj.SaveAs("c:\windows\desktop\www.google.com") </SCRIPT> can it be used in any sort of fashion in this vulnerability??? On Mon, 13 Aug 2001 martin.goudreaultat_private wrote: > > > Hi All, > > You can also do the same thing with files that are associated: *.doc (will open > Word), *.xls (will open Excel), *.mdb (will open Access) and so on... > > Try this: Create a word document (or excel sheet) with an automacro, copy it to > your desktop, rename it to whatever URL you want, open IE and type that > address...voila... (worked here!) > > Harmful you say... Yeesh > > Just my two cents worth... > > Martin Goudreault > Senior Systems Support > Bombardier - AeroSpace > St-Laurent, Qc, Canada > (514) 855-5001 x55488 > > > > -- --- -sween | M | http://www.modelm.org --- "force feedback computing since 1984." <meta name="MSSmartTagsPreventParsing" content="TRUE">
This archive was generated by hypermail 2b30 : Mon Aug 13 2001 - 18:24:17 PDT