Vulnerability Development mailing list archives
Re: Rather large MSIE-hole
From: jon schatz <jon () divisionbyzero com>
Date: 14 Mar 2002 15:54:18 -0800
On Thu, 2002-03-14 at 14:48, KF wrote:
Another thought... will this bug run an executable from a web page? If so you could just make your own binary to do whatever you wanted. Like http://mysiteathome.com/malware.exe or something along those lines. I would HOPE that it asks to save the file to disk or even better ignore it all together.
i get a warning message: "Your current security settings prohibit running ActiveX controls on this page. As a result, the page may not display correctly.". when i place the site the exe is linked from into my "Trusted Sites" zone, I get a message asking me if i want to install and run "http://www.divisionbyzero.com/calc.exe". But even though i get the error message the first time, IE still downloads the file (or at least, a GET shows up in my apache log). I can't seem to find it in my temp files though, but if it's location were known, i could include a malware link, wait for ie to download the file, then run the file with the same method..... -jon -- jon () divisionbyzero com || www.divisionbyzero.com gpg key: www.divisionbyzero.com/pubkey.asc think i have a virus?: www.divisionbyzero.com/pgp.html "You are in a twisty little maze of Sendmail rules, all confusing."
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Re: Rather large MSIE-hole, (continued)
- Re: Rather large MSIE-hole Raul Dias (Mar 13)
- RE: Rather large MSIE-hole Maarten Oosterink (Mar 14)
- Re: Rather large MSIE-hole Syzop (Mar 14)
- Re: Rather large MSIE-hole Slow2Show (Mar 14)
- RE: Rather large MSIE-hole Ryan Sweat (Mar 14)
- Re: Rather large MSIE-hole Keegan (Mar 14)
- RE: Rather large MSIE-hole Ryan Sweat (Mar 14)
- Re: Rather large MSIE-hole Eric V Brown (Mar 14)
- RE: Rather large MSIE-hole Wall, Kevin (Mar 14)
- Re: Rather large MSIE-hole Paul D. Campbell (Mar 14)
- Re: Rather large MSIE-hole KF (Mar 14)
- Re: Rather large MSIE-hole jon schatz (Mar 14)
- RE: Rather large MSIE-hole Chad Thunberg (Mar 15)
- Re: Rather large MSIE-hole Joerg Over (Mar 15)
- Re: Rather large MSIE-hole KF (Mar 14)
- Re: Rather large MSIE-hole Slow2Show (Mar 14)
- Re: Rather large MSIE-hole Slow2Show (Mar 14)
- RE: Rather large MSIE-hole John Swensson (Mar 14)
- Re: Rather large MSIE-hole NoCoNFLiC (Mar 15)
- Re: Rather large MSIE-hole The Blueberry (Mar 14)
- RE: Rather large MSIE-hole Keith Tyler (Mar 15)
- Re: Rather large MSIE-hole Slow2Show (Mar 15)
- RE: Rather large MSIE-hole Tiago Halm (Mar 16)