Re: IE 5.0 allows executing programs

[Russ.Cooper () RC ON CA (Russ)]

Not to diminish the importance of Georgi's find, but you can prevent the
exploit by changing the default, "Medium" security setting for the
Internet Zone, to "High", or simply disabling "Script ActiveX controls
marked safe for scripting". As opposed to disabling "Run ActiveX
controls or plug-ins" or disabling scripting completely.

Anyone following Richard Smith's finds in scriptable components from
Compaq, HP, et al may already have done this...;-]

Its also worth pointing that while Georgi's page nicely disclaims all
liabilities, etc... but it exploits you before you get a chance to read
that...;-] (Well, actually it exploits you if your systemroot is
"\windows", otherwise it generates a script error). I'm pretty sure you
could use the environment variable "%systemroot%" in place of any
instances of a hard coded directory name. I think it would be
interpreted correctly by the client.

Cheers,
Russ - NTBugtraq Editor