[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: RE: [Full-Disclosure] Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part II
From: "Steve Wray" <steve.wray () paradise ! net ! nz>
Date: 2003-02-25 22:26:45
[Download RAW message or body]
[snip]
>Because it is an html file proper, Internet Explorer opens it. The
>scripting inside is then parsed and fired. That scripting is pointing
>back to the same executable file with our original codebase object
>from the year 2000 and because it is a self-executing html file, it
>executes !
It does at least offer an open/save/cancel dialog...
so it doesn't execute automagically.
>Tested IE5.5 and IE6. Fully self-contained harmless *.exe:
>http://www.malware.com/html.exe.zip
>Be aware of html files out there.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic