[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    RE: [Full-Disclosure] Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part II
From:       "Steve Wray" <steve.wray () paradise ! net ! nz>
Date:       2003-02-25 22:26:45
[Download RAW message or body]

[snip]
>Because it is an html file proper, Internet Explorer opens it. The 
>scripting inside is then parsed and fired. That scripting is pointing 
>back to the same executable file with our original codebase object 
>from the year 2000 and because it is a self-executing html file, it 
>executes ! 

It does at least offer an open/save/cancel dialog...
so it doesn't execute automagically.


>Tested IE5.5 and IE6. Fully self-contained harmless *.exe:

>http://www.malware.com/html.exe.zip 

>Be aware of html files out there. 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[prev in list] [next in list] [prev in thread] [next in thread]