Vulnerability Development mailing list archives

Re: Outlook/HTML "proggie"


From: mrousseau () LABCAL COM (Maxime Rousseau)
Date: Fri, 2 Jun 2000 09:05:14 -0400


So actually you are re-releasing for us the vulnerability found by
Georgi Guninski and reported in Microsoft bulletin MS99-032 "Patch
Available for "scriptlet.typelib/Eyedog" Vulnerability", published by
Microsoft on August 31, 1999. That's news!

Check this link for more info on the issue:
<http://www.microsoft.com/technet/security/bulletin/ms99-032.asp>

You might also want to rethink your SCR acronym as it might as well have
been SCRiptlet.Context, Scriptlet.Constructor, Scriptlet.Factory,
Scriptlet.HostEncode, Scriptlet.SvrOm or any other SCRiptlet type
object.

Thanks however for sharing it with us at last, I wish you much luck with
the anti-viral mail gateways! They are so annoying.

Cheers,
M.

-----Original Message-----
From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM]On Behalf Of
methodman
Sent: Thursday, June 01, 2000 4:33 PM
To: VULN-DEV () SECURITYFOCUS COM
Subject: Re: Outlook/HTML "proggie"

well...
since everybody is so interested in what the SCR object is, i'm going to
tell you...
it is an activex control with the classID:
06290BD5-48AA-11D2-8432-006008C3FBFC,
its name is actually SCRiptlet.typelib (that's why i gave it the id
SCR). WSH has the classID
F935DC22-1CF0-11D0-ADB9-00C04FD58A0B and is called "Windows Scripting
Host Shell Object",
(Wscript.SHell - therefore i gave it the id WSH).
about badblood... i didn't even hear about it until Thierry said it
exists, same goes for the code written by Exxtreme.
about the source code... if you are reading this through outlook check
"thisreallyworks.txt" on your desktop :)).
-- this only works if the security level is not set to "restricted sites
zone"

[ methodman ]
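
Added example, not part of either message above: a sketch of the kind of check a mail gateway could run, flagging HTML mail parts that embed an `<object>` tag with either of the two class IDs quoted in the post. The function and class names, the sample message and the tolerance for braces around the class ID are assumptions made for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser

# CLSIDs quoted in the post above, upper-cased for comparison.
FLAGGED_CLSIDS = {
    "06290BD5-48AA-11D2-8432-006008C3FBFC": "Scriptlet.TypeLib",
    "F935DC22-1CF0-11D0-ADB9-00C04FD58A0B": "Windows Scripting Host Shell Object",
}

class ObjectTagScanner(HTMLParser):
    """Collects <object> tags whose classid is one of FLAGGED_CLSIDS."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag != "object":  # HTMLParser lower-cases tag and attribute names
            return
        attr = dict(attrs)
        classid = (attr.get("classid") or "").strip()
        if classid.lower().startswith("clsid:"):
            classid = classid[len("clsid:"):]
        classid = classid.strip("{} ").upper()  # tolerate braces and case
        if classid in FLAGGED_CLSIDS:
            self.hits.append((attr.get("id"), classid, FLAGGED_CLSIDS[classid]))

def scan_message(raw_bytes):
    """Return (element id, CLSID, name) for each flagged object in HTML parts."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            scanner = ObjectTagScanner()
            scanner.feed(part.get_content())
            scanner.close()
            hits.extend(scanner.hits)
    return hits

# Constructed sample message: inert markup only, no script.
SAMPLE = (
    b"From: a@example.test\r\nTo: b@example.test\r\nSubject: test\r\n"
    b"MIME-Version: 1.0\r\nContent-Type: text/html; charset=us-ascii\r\n\r\n"
    b'<html><body><p>hello</p>'
    b'<OBJECT id="SCR" classid="clsid:06290bd5-48aa-11d2-8432-006008c3fbfc"></OBJECT>'
    b'<object id="WSH" classid="CLSID:{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}"></object>'
    b'<object id="ok" classid="clsid:00000000-0000-0000-0000-000000000000"></object>'
    b"</body></html>\r\n"
)
```

`scan_message(SAMPLE)` returns the two flagged objects and ignores the third. A class-ID match of this kind only catches the static `<object>` form; it says nothing about other scriptlet objects such as those listed in the reply.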

