[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] POS#1 Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part III
- To: full-disclosure@lists.netsys.com
- Subject: Re: [Full-Disclosure] POS#1 Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part III
- From: S G Masood <sgmasood@yahoo.com>
- Date: Wed, 5 Nov 2003 14:36:16 -0800 (PST)
Doesn't appear to work on Win2kSP4 with IE6.
--- "http-equiv@excite.com" <1@malware.com> wrote:
>
>
> Wednesday, November 5, 2003
>
> In our never-ending quest for entertainment, we
> commece from
> this date forward to end-2004 our POS series of
> findings. That
> is the 'perfect operating system'. Today we debut
> and regurgitate
> new and not so new for fun as follows. A warm up for
> the New Year if
> you will !:
>
> The following file is an html file comprising both
> scripting and an
> executable [*.exe].
>
> We inject scripting and an executable into the html
> file which is
> designed to point back to the executable in the html
> file and execute
> it. Provided the html file is an html file, Internet
> Explorer 5.5 and
> 6.0 will execute it.
>
> Because it is an html file proper, Internet Explorer
> opens it. The
> scripting inside is then parsed and fired. That
> scripting is pointing
> back to the same executable file and because it is a
> self-executing
> html file, it executes !
>
> Fully self-contained harmless *.exe:
>
> CAUTION: back up notepad.exe before opening
>
> http://www.malware.com/self-exec.zip
>
> What a POS !
>
> Be aware of html files out there.
>
> --
> http://www.malware.com
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:
http://lists.netsys.com/full-disclosure-charter.html
__________________________________
Do you Yahoo!?
Protect your identity with Yahoo! Mail AddressGuard
http://antispam.yahoo.com/whatsnewfree
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html