[29063] in bugtraq


RE: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part II

daemon@ATHENA.MIT.EDU (Dike)
Wed Feb 26 17:01:24 2003

Reply-To: <Dike@tarita.co.id>
From: "Dike" <Dike@tarita.co.id>
To: <bugtraq@securityfocus.com>
Date: Wed, 26 Feb 2003 08:50:13 +0700
Message-ID: <GAEDJFINLICCIOMKAANJKEOECBAA.Dike@tarita.co.id>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Confirmed on IE 5.0 too :(

Sorry One Liner,
Dike

> -----Original Message-----
> From: http-equiv@excite.com [mailto:http-equiv@malware.com]
> Sent: Wednesday, February 26, 2003 4:45 AM
> To: bugtraq@securityfocus.com
> Subject: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part II
> Tuesday, February 25, 2003 
> 
> We are delighted to learn that the original self-executing html file, 
> from June 1 2002 is now fixed with the most current of the many 
> patches for the Internet Explorer series of browsers. See:
> 
> http://online.securityfocus.com/archive/1/275126
> 
> Regrettably.
> 
> The following file is an html file comprising both scripting and an 
> executable [*.exe]. 
> 
> We inject scripting and an executable into the html file which is 
> designed to point back to the executable in the html file and execute 
> it. Provided the html file is an html file, Internet Explorer 5.5 and 
> 6.0 will execute it. 
> 
> Because it is an html file proper, Internet Explorer opens it. The 
> scripting inside is then parsed and fired. That scripting is pointing 
> back to the same executable file with our original codebase object 
> from the year 2000 and because it is a self-executing html file, it 
> executes ! 
> 
> Tested IE5.5 and IE6. Fully self-contained harmless *.exe:
> 
> http://www.malware.com/html.exe.zip 
> 
> Be aware of html files out there. 
> 
> Key Words: Trust it's Worthy so Think it's Tank silly obvious 
>  
> -- 
> http://www.malware.com
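
A defender-side check for the kind of file the quoted advisory describes, one file that is both HTML with scripting and a Windows executable. It is an added example, not code from the advisory or its author. The function names, the markup heuristics and the sample bytes are assumptions constructed for illustration, since the advisory does not give the file's layout.

```python
import re
import struct

# Markup heuristics (assumption: the page does not give the file's exact layout).
SCRIPT_RE = re.compile(rb"<\s*script\b", re.I)
OBJECT_CODEBASE_RE = re.compile(rb"<\s*object\b[^>]*\bcodebase\s*=", re.I)


def find_pe_images(data: bytes) -> list:
    """Return offsets of every 'MZ' header whose e_lfanew points at a PE signature."""
    hits, pos = [], data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            # e_lfanew: 32-bit little-endian offset of the PE signature, stored at 0x3C.
            (e_lfanew,) = struct.unpack_from("<I", data, pos + 0x3C)
            sig = pos + e_lfanew
            if data[sig:sig + 4] == b"PE\x00\x00":
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits


def inspect_html(data: bytes) -> dict:
    """Report whether content served or saved as HTML also carries a PE image."""
    pe = find_pe_images(data)
    script = bool(SCRIPT_RE.search(data))
    codebase = bool(OBJECT_CODEBASE_RE.search(data))
    return {
        "pe_offsets": pe,
        "has_script": script,
        "has_object_codebase": codebase,
        # Flag only the combination the advisory describes: markup plus executable.
        "suspicious": bool(pe) and (script or codebase),
    }


def fake_pe_stub() -> bytes:
    """Constructed, non-runnable bytes: just enough header to parse as a PE."""
    dos = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    return dos + b"PE\x00\x00" + b"\x00" * 16


# Constructed samples, not taken from the advisory's file.
POLYGLOT = b"<html><script>/* constructed */</script></html>\n" + fake_pe_stub()
PLAIN = b"<html><script>var s = 'MZ is only text here';</script></html>"

if __name__ == "__main__":
    for name, blob in (("polyglot", POLYGLOT), ("plain", PLAIN)):
        print(name, inspect_html(blob))
```

The check validates the `e_lfanew` pointer rather than matching the two bytes `MZ` alone, so ordinary page text containing those letters is not flagged.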


