Full Disclosure mailing list archives
RE: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part II
From: "Steve Wray" <steve.wray () paradise net nz>
Date: Wed, 26 Feb 2003 11:26:45 +1300
[snip]
Because it is an html file proper, Internet Explorer opens it. The scripting inside is then parsed and fired. That scripting is pointing back to the same executable file with our original codebase object from the year 2000 and because it is a self-executing html file, it executes !
It does at least offer an open/save/cancel dialog... so it doesn't execute automagically.
Tested IE5.5 and IE6. Fully self-contained harmless *.exe:
http://www.malware.com/html.exe.zip
Be aware of html files out there.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part II http-equiv () excite com (Feb 25)
- RE: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part II Steve Wray (Feb 25)