Bugtraq mailing list archives

Re: IE5 allows executing programs


From: griffinb () HOTKEY NET AU (Brad Griffin)
Date: Fri, 3 Sep 1999 11:19:10 +1000


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all.
I recently posted extracts from George Guninski's original post about
this issue and an extract from Sysadmin's post (both with the code
samples) in an e-mail to another list to inform some of 'the masses'.
I received a personal e-mail from one of the people on that list
describing the following:

"I use Eudora Pro and have IE 5 as the default mail viewer (as is the
default install) and you crashed Eudora (NT not logged in as
Administrator). I had to disable IE 5 as the default viewer to see the
mail..."
I assume this would have been caused by the mail reader attempting to
execute all four fragments of code.

Date sent:              Wed, 1 Sep 1999 09:59:45 -0700
Send reply to:          David LeBlanc <dleblanc () MINDSPRING COM>
From:                   David LeBlanc <dleblanc () MINDSPRING COM>
Subject:                Re: IE5 allows executing programs
Originally to:          SysAdmin <SysAdmin () SASSPRODUCTIONS COM>, BUGTRAQ () SECURITYFOCUS COM
To:                     BUGTRAQ () SECURITYFOCUS COM

Now for the detailed response...

At 09:16 PM 8/30/99 -0400, SysAdmin wrote:

ANY Windows 98 file can be overwritten.

*snip*
YOU CAN GET THE USER TO EXECUTE ARBITRARY CODE.  Period.  End of story.
What you do with that code is up to you.  There is no need to delve into
the details of just how you steal the lunch money from the end users.
*even biggersnip*

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1 -- QDPGP 2.60
Comment: http://community.wow.net/grt/qdpgp.html

iQA/AwUBN86VbgiK90dv14WBEQJ1ggCeOsY1DUXNIwKMaVgTOxHnMYSlg5gAoL1z
Bns0JeGvBg6AOy5x3HkOIoO0
=IOcI
-----END PGP SIGNATURE-----
Brad Griffin
2nd yr B.Infotech
CQU Rockhampton
Australia
(Translation: Does not require sleep)

http://www.cai.com/antivirus/personal/
FREE anti-virus software
http://www.avp.com
Not free, but about the best around
*****************************

