[11790] in bugtraq
Re: IE5 allows executing programs
daemon@ATHENA.MIT.EDU (J MacCraw)
Thu Sep 9 19:20:03 1999
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Message-Id: <3.0.5.32.19990907100103.0091a100@mail.warpmedia.net>
Date: Tue, 7 Sep 1999 10:01:03 -0400
Reply-To: J MacCraw <jmaccraw@WARPMEDIA.NET>
From: J MacCraw <jmaccraw@WARPMEDIA.NET>
X-To: SysAdmin <SysAdmin@SASSPRODUCTIONS.COM>, bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <NDBBJHJLCKGHBILJGOJDAEBGCAAA.SysAdmin@sassproductions.com>
Does this writing to an EXE bypass Anti-Virus protection against programs
that write to EXE's?
How about a less damaging example that writes to say "C:\temp\example.exe"
so we can see what it does safely?
At 21:16 8/30/1999 -0400, SysAdmin Wrote:
<snip>
>
>ANY Windows 98 file can be overwritten. Period. If you try and manually
>pasting over or destroying the file you will be denied, however Active X can
>help where you can't. In fact, ironically, after it's been corrupted you
>cannot fix it because you are denied from touching it! If Windows 98 is
>restarted or crashed (hint, forced to crash), then it will fail start up
>with a Fatal Exception, you can only recover from DOS by restoring the file.
>I would like to note, for the record, that the vast majority of home users
>who will never know about the patch to this file or know what Active X even
>is are not in possession of 98 install disks. Rather they are in possession
>of a disk that restores the computer to factory original. Despite David
>LeBlanc et al. assurance that we could just disable Active X I'm discussing
>it because you know your poor parents are NEVER going to, how would they
>understand the instructions? And, of course, what average user could EVER
>recover from this sort of damage?
>
<snip>
>
>The link is http://www.sassproductions.com/hacked.htm
>
<snip>
Joshua MacCraw
http://www.warpmedia.net
mailto:jmaccraw@warpmedia.net
