Quote:
Originally posted by kmanrox
Yes there is, it doesn't warn, it asks like you like any plugin does if you'd like to install it.
|
Not on my end, using IE 6.0. It takes advantage of a flaw in IE 6. So there you have it.
Similar to this:
Quote:
On June 24, 2000, http-equiv <[email protected]> announced a
vulnerability in MSIE that could allow for malicious webmasters to execute
programs on client systems. The vulnerability involves embedding an
object in HTML with a non-zero CLASSID value and the CODEBASE parameter
set to the path of any executable on the client system.
Though it was believed that it was fixed in later versions, MSIE may still
be vulnerable to this issue. If objects with a CODEBASE value set to an
executable on the client system are embedded in new objects created using
window.PoPup() or window.Open(), the specified program will execute.
This may or may not be due to the same underlying flaw that caused the
vulnerability discovered by http-equiv. This particular behaviour was
reported by the Pull <[email protected]>.
Exploitation of this vulnerability may allow for remote attackers to
execute any program on a client system. If exploited in conjunction with
other vulnerabilities/conditions in Explorer, more serious attacks such as
forced download and execution of trojans may be possible. To exploit this
vulnerability, an attacker requires the victim to visit a webpage with
MSIE or open an HTML email with a client using the MSIE HTML rendering
component. MSIE 6 is confirmed vulnerable; previous versions may be as
well.
|