Re: Spyware/adware and Internet Explorer

From: Steven Burn (
Date: 02/03/04

Date: Tue, 3 Feb 2004 15:47:49 -0000

Frode <> wrote in message
> Hash: SHA1
> Steven Burn wrote:
> >There are plenty of examples on places such as;
> >
> >
> A search for exploit in asp/vbscript gives 1 hit. The same goes for
> java/javascript. Where are the examples?
> >
> A search for the word "exploit" gives 6 hits. None of which are terribly
> relevant. A general google search for "asp exploits" does give some hits,
> most of which seem to concern server, not client, compromise. Rather
> logical given the nature of ASP as far I'm aware of its purpose
> (server-side scripting).
> >
> Not a single hit on search for the word exploit.
> >Along with a ton of others
> Anything concrete? None of those sites have obvious sections covering
> of concept for browser-independent exploits.
> I was thinking more along the lines of an example of a working exploit
> covertly installs a payload. You can google up a bunch of sites with
> examples of working IE exploits to click. None of which I've gotten to do
> anything malicious outside of IE. Just give me one concrete place to go
> find a browser independent exploit I can click and see the effects of.
> - --
> Frode
> Version: PGP 8.0.3
> iQA/AwUBQB++CeXlGBWTt1afEQJhEwCg3WrN46y7u5XMU6wMbsauy6Vn0FUAoOhJ
> 7QdmTF9hNk7IkjoBgj/3c64B
> =XgwH

Here's a quick javascript example for you (note: I am not a "seasoned" java
developer, so the following is pseudo code only).

<script language="Javascript">, "wordWin");
function exec (command)
    return java.lang.Runtime.getRuntime().exec(command);
exec ("C:\\...\\anyexe.exe")

Some light research for you.........

Some light reading for you (hope you have a few hours)

The website's I mentioned WILL NOT list them as exploits simply because they
are exploits (I'd have thought that was common knowledge).

Steven Burn
Ur I.T. Mate Group
Keeping it FREE!
I know I'm probably wrong, I just like taking part ;o)