Internet Explorer Exploit

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • JSA Matt
    So Fucking Banned
    • Aug 2003
    • 5464

    #1

    Internet Explorer Exploit

    I've just seen an exploit that can save and execute an exe file to your computer through an HTML page in internet explorer. The code is written in VBScript and uses a little ASP to hide what it's doing.

    Just a heads up people.. be careful.

    Has anyone else seen this? I have the code to prove it.

  • cluck
    Confirmed User
    • Dec 2002
    • 5248

    #2
    I discovered another one about a year ago that still works on all versions/settings. I'm keeping that to myself though!
    icq 279990726
    www.mcdonalds.com <- great money making opportunity

    Comment

    • SMG
      Confirmed User
      • Aug 2003
      • 1798

      #3
      this is why activex is disabled on my ie
      TGP Webmasters: sign up for the top 100 tgp list!
      Submit galleries
      If you add me to icq (title) make sure to mention GFY or I'll think you're a bot and deny you.

      Comment

      • bigdog
        Confirmed User
        • Jul 2001
        • 6964

        #4
        this shit is getting scary. Thats why i try to use mozilla a lot

        Comment

        • JSA Matt
          So Fucking Banned
          • Aug 2003
          • 5464

          #5
          Originally posted by SMG
          this is why activex is disabled on my ie
          I have all ActiveX disabled except the plug-ins (so I can still see flash/j@v@script

          Comment

          • JSA Matt
            So Fucking Banned
            • Aug 2003
            • 5464

            #6
            I guess everyone already knows about this?

            Comment

            • extreme
              Confirmed User
              • Oct 2002
              • 2120

              #7
              Mmm, its old.

              You can test if You're vuln here:

              http://www.signupsluts.com/harmless_vuln_test.html

              Totally harmless test.

              Comment

              • Trax
                [----------------------]
                • Aug 2001
                • 14486

                #8

                Comment

                • JSA Matt
                  So Fucking Banned
                  • Aug 2003
                  • 5464

                  #9
                  Originally posted by extreme
                  Mmm, its old.

                  You can test if You're vuln here:

                  http://www.signupsluts.com/harmless_vuln_test.html

                  Totally harmless test.
                  How old can it be? I just updated Windows XP when the DCOM worm was going around and now they have a patch for it in Windows Update.

                  Thanks for the test.. got everything patched

                  Comment

                  • KMR Stitch
                    I am cool
                    • Jul 2003
                    • 14494

                    #10
                    Litte bit of Active-x a tab bit of hahahahahahahahahaha...I dash of .hta in your temp folder..and exe file on a server a little script to read...


                    TADA!


                    Ownage. Welcome to mime exploit 9d8

                    Comment

                    • extreme
                      Confirmed User
                      • Oct 2002
                      • 2120

                      #11
                      Originally posted by JSA Matt


                      How old can it be? I just updated Windows XP when the DCOM worm was going around and now they have a patch for it in Windows Update.

                      Thanks for the test.. got everything patched
                      well, over a week anyhow ;)


                      --------
                      Internet Explorer Object Data Remote Execution Vulnerability

                      Release Date:
                      August 20, 2003

                      Reported Date:
                      May 15, 2003

                      Severity:
                      High (Remote Code Execution)

                      Systems Affected:
                      Microsoft Internet Explorer 5.01
                      Microsoft Internet Explorer 5.5
                      Microsoft Internet Explorer 6.0
                      Microsoft Internet Explorer 6.0 for Windows Server 2003
                      --------

                      Comment

                      • JSA Matt
                        So Fucking Banned
                        • Aug 2003
                        • 5464

                        #12
                        Originally posted by extreme


                        well, over a week anyhow ;)
                        Watch out now

                        Comment

                        Working...