RE: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part II

From: Dike (Dike@tarita.co.id)
Date: 02/26/03

    From: "Dike" <Dike@tarita.co.id>
    To: <bugtraq@securityfocus.com>
    Date: Wed, 26 Feb 2003 08:50:13 +0700
    
    

    Confirmed on IE 5.0 too :(

    Sorry One Liner,
    Dike

    > -----Original Message-----
    > From: http-equiv@excite.com [mailto:http-equiv@malware.com]
    > Sent: Wednesday, February 26, 2003 4:45 AM
    > To: bugtraq@securityfocus.com
    > Subject: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part II
    > Tuesday, February 25, 2003
    >
    > We are delighted to learn that the original self-executing html file,
    > from June 1 2002 is now fixed with the most current of the many
    > patches for the Internet Explorer series of browsers. See:
    >
    > http://online.securityfocus.com/archive/1/275126
    >
    > Regrettably.
    >
    > The following file is an html file comprising both scripting and an
    > executable [*.exe].
    >
    > We inject scripting and an executable into the html file which is
    > designed to point back to the executable in the html file and execute
    > it. Provided the html file is an html file, Internet Explorer 5.5 and
    > 6.0 will execute it.
    >
    > Because it is an html file proper, Internet Explorer opens it. The
    > scripting inside is then parsed and fired. That scripting is pointing
    > back to the same executable file with our original codebase object
    > from the year 2000 and because it is a self-executing html file, it
    > executes !
    >
    > Tested IE5.5 and IE6. Fully self-contained harmless *.exe:
    >
    > http://www.malware.com/html.exe.zip
    >
    > Be aware of html files out there.
    >
    > Key Words: Trust it's Worthy so Think it's Tank silly obvious
    >
    > --
    > http://www.malware.com
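
A defensive check for the kind of file the quoted advisory describes, added here as an example (it is not code from the advisory or from either poster): flag content that carries both HTML/script markup and a structurally valid PE header. It assumes the executable is embedded as raw, unencoded bytes, which the advisory does not specify; the function names and sample bytes are constructed for illustration.

```python
import struct

# Markup that lets a page run script or instantiate an object (lower-case).
HTML_MARKERS = (b"<html", b"<script", b"<object")


def find_pe_offsets(data: bytes) -> list[int]:
    """Return offsets where a structurally valid PE image starts.

    An 'MZ' hit counts only if its e_lfanew field (little-endian dword at
    +0x3C) points at a 'PE\\0\\0' signature inside the buffer, so the
    letters "MZ" in ordinary page text do not trigger a match.
    """
    hits = []
    pos = data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            (e_lfanew,) = struct.unpack_from("<I", data, pos + 0x3C)
            sig = pos + e_lfanew
            if data[sig:sig + 4] == b"PE\x00\x00":
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits


def classify(data: bytes) -> dict:
    """Flag content that is both renderable HTML and a carrier for a PE image."""
    lowered = data.lower()
    markers = [m.decode() for m in HTML_MARKERS if m in lowered]
    pe = find_pe_offsets(data)
    return {"html_markers": markers, "pe_offsets": pe,
            "suspicious": bool(markers) and bool(pe)}


def constructed_pe_stub() -> bytes:
    """Constructed, non-functional header: just enough bytes to parse."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew -> 0x40
    return bytes(dos) + b"PE\x00\x00" + b"\x00" * 4


# Constructed samples (not taken from the advisory's html.exe).
PLAIN_HTML = b"<html><body>MZ is also a pair of initials</body></html>"
POLYGLOT = constructed_pe_stub() + b"<HTML><SCRIPT>/* elided */</SCRIPT></HTML>"

if __name__ == "__main__":
    for name, blob in (("plain", PLAIN_HTML), ("polyglot", POLYGLOT)):
        print(name, classify(blob))
```

The check is independent of where the executable sits in the file; a mail or web gateway would apply it to attachments and downloads regardless of the file extension.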

