On my IE is present: SP1, q324929, q810847, q813951
D'Amato Luigi
Admin www.securitywireless.info
----- Original Message -----
From: "Dike" <Dike (at) tarita.co (dot) id [email concealed]>
To: <bugtraq (at) securityfocus (dot) com [email concealed]>
Sent: Tuesday, February 25, 2003 1:50 PM
Subject: RE: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part II
> Confirmed on IE 5.0 too :(
>
> Sorry One Liner,
> Dike
>
> > -----Original Message-----
> > From: http-equiv (at) excite (dot) com [email concealed] [mailto:http-equiv (at) malware (dot) com [email concealed]]
> > Sent: Wednesday, February 26, 2003 4:45 AM
> > To: bugtraq (at) securityfocus (dot) com [email concealed]
> > Subject: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part II
> > Tuesday, February 25, 2003
> >
> > We are delighted to learn that the original self-executing html file,
> > from June 1 2002 is now fixed with the most current of the many
> > patches for the Internet Explorer series of browsers. See:
> >
> > http://online.securityfocus.com/archive/1/275126
> >
> > Regrettably.
> >
> > The following file is an html file comprising both scripting and an
> > executable [*.exe].
> >
> > We inject scripting and an executable into the html file which is
> > designed to point back to the executable in the html file and execute
> > it. Provided the html file is an html file, Internet Explorer 5.5 and
> > 6.0 will execute it.
> >
> > Because it is an html file proper, Internet Explorer opens it. The
> > scripting inside is then parsed and fired. That scripting is pointing
> > back to the same executable file with our original codebase object
> > from the year 2000 and because it is a self-executing html file, it
> > executes !
> >
> > Tested IE5.5 and IE6. Fully self-contained harmless *.exe:
> >
> > http://www.malware.com/html.exe.zip
> >
> > Be aware of html files out there.
> >
> > Key Words: Trust it's Worthy so Think it's Tank silly obvious
> >
> > --
> > http://www.malware.com
>
>
>
On my IE is present: SP1, q324929, q810847, q813951
D'Amato Luigi
Admin www.securitywireless.info
----- Original Message -----
From: "Dike" <Dike (at) tarita.co (dot) id [email concealed]>
To: <bugtraq (at) securityfocus (dot) com [email concealed]>
Sent: Tuesday, February 25, 2003 1:50 PM
Subject: RE: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part II
> Confirmed on IE 5.0 too :(
>
> Sorry One Liner,
> Dike
>
> > -----Original Message-----
> > From: http-equiv (at) excite (dot) com [email concealed] [mailto:http-equiv (at) malware (dot) com [email concealed]]
> > Sent: Wednesday, February 26, 2003 4:45 AM
> > To: bugtraq (at) securityfocus (dot) com [email concealed]
> > Subject: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part II
> > Tuesday, February 25, 2003
> >
> > We are delighted to learn that the original self-executing html file,
> > from June 1 2002 is now fixed with the most current of the many
> > patches for the Internet Explorer series of browsers. See:
> >
> > http://online.securityfocus.com/archive/1/275126
> >
> > Regrettably.
> >
> > The following file is an html file comprising both scripting and an
> > executable [*.exe].
> >
> > We inject scripting and an executable into the html file which is
> > designed to point back to the executable in the html file and execute
> > it. Provided the html file is an html file, Internet Explorer 5.5 and
> > 6.0 will execute it.
> >
> > Because it is an html file proper, Internet Explorer opens it. The
> > scripting inside is then parsed and fired. That scripting is pointing
> > back to the same executable file with our original codebase object
> > from the year 2000 and because it is a self-executing html file, it
> > executes !
> >
> > Tested IE5.5 and IE6. Fully self-contained harmless *.exe:
> >
> > http://www.malware.com/html.exe.zip
> >
> > Be aware of html files out there.
> >
> > Key Words: Trust it's Worthy so Think it's Tank silly obvious
> >
> > --
> > http://www.malware.com
>
>
>
[ reply ]