Re: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part II
From: Jens Knoell (jens@ing.twinwave.net)
Date: 02/26/03
- Previous message: Michael Jennings: "Re: Terminal Emulator Security Issues"
- In reply to: http-equiv@excite.com: "Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part II"
- Next in thread: Dike: "RE: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part II"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Jens Knoell" <jens@ing.twinwave.net> To: <http-equiv@malware.com>, <bugtraq@securityfocus.com> Date: Tue, 25 Feb 2003 16:50:44 -0700
http-equiv@excite.com <http-equiv@malware.com> wrote:
> [...]
> Because it is an html file proper, Internet Explorer opens it. The
> scripting inside is then parsed and fired. That scripting is pointing
> back to the same executable file with our original codebase object
> from the year 2000 and because it is a self-executing html file, it
> executes !
>
> Tested IE5.5 and IE6. Fully self-contained harmless *.exe:
>
> http://www.malware.com/html.exe.zip
>
> Be aware of html files out there.
>
> Key Words: Trust it's Worthy so Think it's Tank silly obvious
This does not seem to work for me if done via webserver. It works like a
charm locally, so it might be worthwile adding that this is only useful as
an attached HTML (in an email, for example).
Jens
- Next message: Peter Lindgren: "Re: Netscape 6/7 crashes by a simple style***..."
- Previous message: Michael Jennings: "Re: Terminal Emulator Security Issues"
- In reply to: http-equiv@excite.com: "Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part II"
- Next in thread: Dike: "RE: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part II"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
