Vulnerability Development mailing list archives
Re: Outlook/HTML "proggie"
From: spepper () WLU CA (Shelagh Pepper)
Date: Thu, 1 Jun 2000 09:00:17 -0400
A script within the body of an email CAN access the FileSystemObject if the Scripting host is available. I will send a sample separately. Most of the code in my sample is directly lifted from the Microsoft Scripting samples on their website. Shelagh At 10:34 AM 5/31/00 -0400, you wrote:
! -----Original Message----- ! From: VULN-DEV (kiss the sun and walk on air) ! Sent: Wednesday, May 31, 2000 7:35 AM ! ! My guess was the "Scripting" object, or SCRRUN.DLL. Thats ! the DLL that ! contains the FileSystemObject classes and its subordinates that the ! recent rash of VBS scripts have been using to access the disk. ! -pete I would be very very VERY surprised if a script within the HTML of an eMail would be able to access the FileSystemObject. Saying this means every eMail/website is able to read/write/delete all of your files at will. I think you are confusing the ILY kind of viruses where the users actually double-click a .vbs file, giving it their permission to run in the Computer context and not in an internet context. I also really doublt its a screen saver :) Unless they made an ActiveX/COM interface on screensavers while i was looking the other way? The best guess would be to assume he used one of the old objects overflows and that his post was nothing but an empty brag without substance or new technical material of interest. As Thierry pointed out, this might be the BadBlood thing or the BubbleBoy virus too. If this is something new I'm still very interested in knowing what is that SCR object he used. M.
Shelagh Pepper (519) 884-0710 x3939 Multimedia Coordinator (519) 884-1970 x3939 Computing and Communication Services (519) 884-1279 FAX Wilfrid Laurier University spepper () wlu ca Waterloo, Ontario, N2L 3C5 webmaster () wlu ca
Current thread:
- Re: Outlook/HTML "proggie" Shelagh Pepper (Jun 01)
- <Possible follow-ups>
- Re: Outlook/HTML "proggie" Maxime Rousseau (Jun 01)
- Re: Outlook/HTML "proggie" Shelagh Pepper (Jun 02)
- Re: Outlook/HTML "proggie" methodman (Jun 01)
- Possible problem with NT Domains Leigh Watson (Jun 02)
- Re: Outlook/HTML "proggie" Eric Chien (Jun 02)
- Re: Outlook/HTML "proggie" James Turner (Jun 02)
- MSProxy Server 2 Logic Bug (Jun 02)
- Re: Outlook/HTML "proggie" Walter Williams (Jun 02)
- AW: Outlook/HTML "proggie" Joerg Weber (Jun 02)
- Re: Outlook/HTML "proggie" Maxime Rousseau (Jun 02)
(Thread continues...)