Printable View
[quote]Originally posted by Kaelon:
<strong>deltree c:\windows\*.*
:D :D hehe I wonder if that would be possible off of this little bug?
-Kaelon</strong><hr></blockquote>
I am sure you can add command line parameters to this making it a security hazard. This is something to watch out for if your clients or coworkers are surfing on sites that you don't know of.
I got a follow up email on the issue and they said "over 25,000 of you clicked the link" ...hehe, wonder how many of those were us? :D
[quote]Originally posted by LagMonster:
<strong>
I am sure you can add command line parameters to this making it a security hazard. This is something to watch out for if your clients or coworkers are surfing on sites that you don't know of.</strong><hr></blockquote>
You can not pass parameters. So no deltree is not possible.
All this bug has the ability to do is run a .exe on the client system, that exe file must be present locally. Its not as huge as this post has been making out. Disable scripting to protect against it for now.
<a href="http://www.securityfocus.com" target="_blank">www.securityfocus.com</a>
<a href="http://jscript.dk/unpatched/" target="_blank">http://jscript.dk/unpatched/</a>
Russ
Thanks to ActiveWin ( <a href="http://www.activewin.com" target="_blank">www.activewin.com</a> ), I found out about an article at The Register which says the Internet Explorer (IE) "bug" is an old "data binding" feature which had its origin with IE 4 and has been continued in all subsequent versions of IE. Also, disabling active scripting and/or Active X will not prevent the problem, although there is a registry mod that can prevent it. The URL for the article is:
<a href="http://www.theregister.co.uk/content/4/24274.html" target="_blank">http://www.theregister.co.uk/content/4/24274.html</a>
A bit of HTML code that is posted in The Register article mentioned above, will cause IE to run the Windows Calculator app.
For "newbies," simply copy and paste the code into Windows Notepad (for some versions of Windows, remove the "system32" folder from the pathname in the code), save it to your Windows Desktop with an "html" extension instead of a "txt" extension, and then either double click on the newly saved file on the Desktop (if IE is your default browser) or open the file manually from within IE (File > Open...) to execute it. It appears that one can run any app (such as a DOS window) on their PC simply by specifying (and saving) the correct path in the code above and opening the file in IE.
So since the HTML code is able to execute a program, isn't there a way that it could be modified to execute a command from the command prompt?
Inquiringly,
Adam Kautz
This page can not be displayed.
Win2k SP2, IE 5.01 SP2. Java set to high safety. ActiveX and scripting all set to prompt before running.
Another day, another Active X / MS / Java exploit.
*sigh* ..
well this link actually logs you off
<a href="http://www.krypton3d.com/xp" target="_blank">www.krypton3d.com/xp</a>
[quote]Originally posted by Alwayslearining:
<strong>well this link actually logs you off
<a href="http://www.krypton3d.com/xp" target="_blank">www.krypton3d.com/xp</a></strong><hr></blockquote>
The above is caught by most Antivirus platforms:
<a href="http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=JS_CIDEXPLOIT.B&VSect=T" target="_blank">JS_CIDEXPLOIT.B</a>
[quote]Originally posted by Alwayslearining:
<strong>well this link actually logs you off
<a href="http://www.krypton3d.com/xp" target="_blank">www.krypton3d.com/xp</a></strong><hr></blockquote>
Now that is celver. Same exploit just executing a differant application to log you off. Only works if you installed windows to the default directory mind.
I understand that such commands can now be exectuted without scripting or ActiveX enabled. Im looking for a example exploit. The Anti-Virus companies are moving in to save the day but i think its time to patch this one microsoft!
Already patched. <a href="http://www.download.windowsupdate.com/msdownload/update/v3/static/RTF/en/5226.htm" target="_blank">Check here to read more</a>
Thanks for keeping us updated QT, but upon reading more info ("Technical Details") about the patch at:
<a href="http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-009.asp" target="_blank">http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/b ulletin/MS02-009.asp</a>
I found out that the patch fixes a flaw that did not involve the ability to execute files, so it does not appear to be a solution to the problem being discussed.
Adam
The page wouldn't even load. Oh well, sounds pretty neat-o. :p
Damn microsoft and their crappy software :mad:
Funny, my Pc-cillin at one office catches it, but the Norton Corporate at the other office doesn't
this may be a little late but, here is a link i got from PC-cillin, the online virus scan: <a href="http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=JS_CIDEXPLOIT.B" target="_blank">http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=JS_CIDEXPLOIT.B</a>