| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: sgmasood at yahoo.com (S G Masood) Subject: POS#1 Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part III Doesn't appear to work on Win2kSP4 with IE6. --- "http-equiv@...ite.com" <1@...ware.com> wrote: > > > Wednesday, November 5, 2003 > > In our never-ending quest for entertainment, we > commece from > this date forward to end-2004 our POS series of > findings. That > is the 'perfect operating system'. Today we debut > and regurgitate > new and not so new for fun as follows. A warm up for > the New Year if > you will !: > > The following file is an html file comprising both > scripting and an > executable [*.exe]. > > We inject scripting and an executable into the html > file which is > designed to point back to the executable in the html > file and execute > it. Provided the html file is an html file, Internet > Explorer 5.5 and > 6.0 will execute it. > > Because it is an html file proper, Internet Explorer > opens it. The > scripting inside is then parsed and fired. That > scripting is pointing > back to the same executable file and because it is a > self-executing > html file, it executes ! > > Fully self-contained harmless *.exe: > > CAUTION: back up notepad.exe before opening > > http://www.malware.com/self-exec.zip > > What a POS ! > > Be aware of html files out there. > > -- > http://www.malware.com > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html __________________________________ Do you Yahoo!? Protect your identity with Yahoo! Mail AddressGuard http://antispam.yahoo.com/whatsnewfree
Powered by blists - more mailing lists