Bugtraq mailing list archives
Internet Explorer 5.0 HTML Applications
From: BBatchelder () CONNECTWISE COM (Bryan Batchelder)
Date: Fri, 30 Jul 1999 15:14:08 -0400
Hello Everyone-- I recently ran accross a feature in Internet Explorer 5.0 (Win32 only) which is not a threat per se, but might possibly be dangerous if not known about: IE 5 treats any file with the .hta extension as a fully trusted web application, and as such can do anything to your system that it wants. The danger in this is for an uneducated user to come accross one of these and execute it under the false impression that since it is not a .exe or .com it cannot execute arbitrary code on the machine. I have not heard of this being exploited, but in the past 2 days I have been writing VBScript that can nuke the filesystem or send email as the user via Outlook (unknown to the user). When IE5 encounters an HTA it prompts you if you would like to "Open from its current location" or "Save to hard disk" just like it was a normal executable file. HTAs stand for HTML Applications, and have full access to the system registry and any COM/DCOM objects in the system. I suggest that you tell anyone you know about these, since they have not been talked about very much, and the main risk imposed by these is no one knows WTF they are. If you have any questions, let me know, Thanks, Bryan D. Batchelder bbatchelder () connectwise com 813-935-7100
Current thread:
- Re: Simple DOS attack on FW-1 David Taylor (Jul 29)
- Internet Explorer 5.0 HTML Applications Bryan Batchelder (Jul 30)
- World writable root owned script in SalesBuilder (RedHat 6.0) smaster () SAIL IT (Jul 30)
- Possible Denial Of Service using DNS smaster () SAIL IT (Jul 30)
- Re: Simple DOS attack on FW-1 Jeff Roberson (Jul 30)
- <Possible follow-ups>
- Re: Simple DOS attack on FW-1 Scott, Richard (Jul 30)
- Re: Simple DOS attack on FW-1 Jason R. Rhoads (Jul 30)