RE: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part II

["Steve Wray" <steve.wray () paradise net nz>]

[snip]
> Because it is an html file proper, Internet Explorer opens it. The 
> scripting inside is then parsed and fired. That scripting is pointing 
> back to the same executable file with our original codebase object 
> from the year 2000 and because it is a self-executing html file, it 
> executes ! 

It does at least offer an open/save/cancel dialog...
so it doesn't execute automagically.


> Tested IE5.5 and IE6. Fully self-contained harmless *.exe:

> http://www.malware.com/html.exe.zip 

> Be aware of html files out there. 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html