[11716] in bugtraq


Re: IE5 allows executing programs

daemon@ATHENA.MIT.EDU (Brad Griffin)
Tue Sep 7 13:16:04 1999

Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7BIT
Message-Id:  <199909030120.LAA09388@rockhampton-psvr.qld.hotkey.net.au>
Date:         Fri, 3 Sep 1999 11:19:10 +1000
Reply-To: griffinb@hotkey.net.au
From: Brad Griffin <griffinb@HOTKEY.NET.AU>
X-To:         David LeBlanc <dleblanc@MINDSPRING.COM>, BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <3.0.3.32.19990901095945.02d8dae0@mail.mindspring.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hi all.
I recently posted extracts from George Guninski's original post about
this issue and an extract from Sysadmin's post (both with the code
samples) in an e-mail to another list to inform some of 'the masses'.
I received a personal e-mail from one of the people on that list
describing the following:

"I use Eudora Pro and have IE 5 as the default mail viewer (as is the
default Install) and you crashed Eudora (NT not logged in as
Administrator). I had to disable IE 5 as the default viewer to see the
mail..."
I assume this would have been caused by the mail reader attempting to
execute all four fragments of code.


Date sent:      	Wed, 1 Sep 1999 09:59:45 -0700
Send reply to:  	David LeBlanc <dleblanc@MINDSPRING.COM>
From:           	David LeBlanc <dleblanc@MINDSPRING.COM>
Subject:        	Re: IE5 allows executing programs
Originally to:  	SysAdmin <SysAdmin@SASSPRODUCTIONS.COM>, BUGTRAQ@SECURITYFOCUS.COM
To:             	BUGTRAQ@SECURITYFOCUS.COM

> Now for the detailed response...
>
> At 09:16 PM 8/30/99 -0400, SysAdmin wrote:
>
> >ANY Windows 98 file can be overwritten.
>
*snip*
> YOU CAN GET THE USER TO EXECUTE ARBITRARY CODE.  Period.  End of story.
> What you do with that code is up to you.  There is no need to delve into
> the details of just how you steal the lunch money from the end users.
*even biggersnip*

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1 -- QDPGP 2.60
Comment: http://community.wow.net/grt/qdpgp.html

iQA/AwUBN86VbgiK90dv14WBEQJ1ggCeOsY1DUXNIwKMaVgTOxHnMYSlg5gAoL1z
Bns0JeGvBg6AOy5x3HkOIoO0
=IOcI
-----END PGP SIGNATURE-----
Brad Griffin
2nd yr B.Infotech
CQU Rockhampton
Australia
(Translation: Does not require sleep)

http://www.cai.com/antivirus/personal/
FREE anti-virus software
http://www.avp.com
Not free, but about the best around
*****************************
