Bugtraq mailing list archives
Re: IE5 allows executing programs
From: kragen () POBOX COM (Kragen Sitaker)
Date: Sun, 5 Sep 1999 15:55:52 -0400
David LeBlanc writes:
> YOU CAN GET THE USER TO EXECUTE ARBITRARY CODE. Period. End of story. What you do with that code is up to you. There is no need to delve into the details of just how you steal the lunch money from the end users.
Well, it should be noted that there are things you can do with that code that are a lot worse than deleting all of somebody's files. Password theft, credit-card theft, wholesale identity theft, distributed computation (need to crack a DES message in a day?), embezzling money if they use CheckFree, blackmail, and corporate espionage come to mind. This sort of thing will happen, sooner or later, on a wide scale -- unless we can do something about it soon.
>> The other thing is that the default install for NT (especially on HP's) is FAT,
> Wrong. That could be how that manufacturer sets up _some_ of their machines, but it isn't default for NT install.
Micron and Intergraph also install NT on FAT when they ship it to you. Micron hassles you if you switch to NTFS and then call them for support; they wanted my co-worker to reinstall NT on FAT and then call them back if he was still having trouble. The NT install program gives you the option of FAT or NTFS; I don't remember which it picks by default. If I recall correctly (I've only installed NT five or six times), if you later convert to NTFS (without reinstalling), you carry over the FAT permissions: "Full Control" for "All Users" on everything.
> Most people who don't know what NTFS is are still using it if they are running NT.
Are there manufacturers that ship NT with NTFS by default?
--
<kragen () pobox com> Kragen Sitaker <http://www.pobox.com/~kragen/>
Tue Aug 24 1999
76 days until the Internet stock bubble bursts on Monday, 1999-11-08.
<URL:http://www.pobox.com/~kragen/bubble.html>