Vulnerability Development mailing list archives
A possible VBS transport?
From: timothy.miller () AFIWC01 AF MIL (Timothy J. Miller)
Date: Fri, 19 May 2000 08:18:08 -0500
I noticed something while screwing around on some web sites last night. One site used a frameset with a null frame, which I've found to be not uncommon. However, when looking at this file (served up dutifully as text/html), it contained a basic HTML header (essentially a BASE HREF tag) and the remainder was binary data that turned out to be a Word 97 document with a script that opened a popup containing a bunch of click-through ads (again, not uncommon).

Of course, Word happily renders HTML. Also of course, OLE allows the browser to invoke Office components to display embedded Office files (if you recall the Russian New Year exploit from a couple of years ago).

My thinking turns to what one could do with any kind of script embedded in this HTML-cum-Word document. Could this be used to transport macro/VBS viruses? It has the potential to evade the user-side decision to open an attachment.

Personally, I've never seen this kind of thing before, but I typically keep myself clear of MS-related activities. Has anyone done any work in this regard, or seen anything related? Or am I completely off-base?
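
A defensive check for the case described in the post above, as an added example that is not part of the original message: it flags a response declared as text/html whose body contains the OLE2 compound-file signature that Word 97 documents start with. The function names, the 64 KB scan window and the sample bodies are assumptions constructed for illustration.

```python
"""Flag HTTP responses declared as HTML that carry an OLE2 (Word 97) container."""
from typing import Optional

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # Compound File Binary signature
HTML_TYPES = {"text/html", "application/xhtml+xml"}
SCAN_LIMIT = 64 * 1024  # assumed window: how far into the body to search


def media_type(content_type: str) -> str:
    """Drop parameters such as charset and normalise case."""
    return content_type.split(";", 1)[0].strip().lower()


def embedded_ole_offset(content_type: str, body: bytes) -> Optional[int]:
    """Offset of an OLE2 header inside an HTML-typed body, or None."""
    if media_type(content_type) not in HTML_TYPES:
        return None  # declared type is not HTML, so there is no mismatch to report
    offset = body[:SCAN_LIMIT].find(OLE2_MAGIC)
    return offset if offset >= 0 else None


def classify(content_type: str, body: bytes) -> str:
    """Return 'ok', 'ole-only' or 'html-prefixed-ole' for one response."""
    offset = embedded_ole_offset(content_type, body)
    if offset is None:
        return "ok"
    prefix = body[:offset].lower()
    # The post describes a short HTML header (a BASE HREF tag) ahead of the binary data.
    if any(tag in prefix for tag in (b"<base", b"<html", b"<head")):
        return "html-prefixed-ole"
    return "ole-only"


# Constructed sample bodies (not captured traffic).
HTML_PREFIX = b'<html><head><base href="http://example.invalid/"></head>'
SAMPLE_HYBRID = HTML_PREFIX + OLE2_MAGIC + bytes(512)
SAMPLE_HTML = b"<html><body>plain page</body></html>"
SAMPLE_DOC = OLE2_MAGIC + bytes(512)

if __name__ == "__main__":
    for name, ctype, body in [
        ("hybrid", "text/html; charset=iso-8859-1", SAMPLE_HYBRID),
        ("plain html", "text/html", SAMPLE_HTML),
        ("doc as html", "text/html", SAMPLE_DOC),
        ("doc as msword", "application/msword", SAMPLE_DOC),
    ]:
        print(f"{name:14} {classify(ctype, body)}")
```

A proxy or mail gateway could apply the same comparison of declared type against leading content before handing the body to a client that dispatches on content rather than on the header.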