[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Internet Explorer 5.0 HTML Applications
From:       Bryan Batchelder <BBatchelder () CONNECTWISE ! COM>
Date:       1999-07-30 19:14:08
[Download RAW message or body]

Hello Everyone--

	I recently ran accross a feature in Internet Explorer 5.0 (Win32
only) which is not a threat per se, but might possibly be dangerous if not
known about:

	IE 5 treats any file with the .hta extension as a fully trusted web
application, and as such can do anything to your system that it wants.  The
danger in this is for an uneducated user to come accross one of these and
execute it under the false impression that since it is not a .exe or .com it
cannot execute arbitrary code on the machine.

	I have not heard of this being exploited, but in the past 2 days I
have been writing VBScript that can nuke the filesystem or send email as the
user via Outlook (unknown to the user).

	When IE5 encounters an HTA it prompts you if you would like to "Open
from its current location" or "Save to hard disk" just like it was a normal
executable file.

	HTAs stand for HTML Applications, and have full access to the system
registry and any COM/DCOM objects in the system.

	I suggest that you tell anyone you know about these, since they have
not been talked about very much, and the main risk imposed by these is no
one knows WTF they are.

If you have any questions, let me know,

Thanks,

Bryan D. Batchelder
bbatchelder@connectwise.com
813-935-7100

[prev in list] [next in list] [prev in thread] [next in thread]