Vulnerability Development mailing list archives

DevDoc ActiveX Cookie


From: Рягин Михаил Юрьевич <ryagin () EXTRIM RU>
Date: Wed, 8 Nov 2000 12:55:55 +0500

There is an ActiveX object, included, for example, in Microsoft MSDN
(developer's e-library), marked as safe for scripting, which allows
storing special "dev-cookies" on the user's computer.
  Dev-Cookie is a named string of length <=126.
  Name is limited to 127 characters.
  It is saved under HKCU\Software\Microsoft\DevDoc\Cookie registry key
and keeps being available even after system reboots.
  Example code:
------cut here-----
<OBJECT CLASSID="clsid:59CC0C20-679B-11D2-88BD-0800361A1803"
   WIDTH=100 HEIGHT=100
   ID="Cook">
</OBJECT>

<A HREF="javascript:Cook.putValue('windows','suxx');">put</A>
<A HREF="javascript:var c=Cook.getValue('windows'); alert('windows is '+c);">get</A>
-----cut there-----
First, click on 'put' link.
Second, close your browser window. You can even reboot your PC.
Third, click on 'get' link.

The malicious code is in the %Program Files%\Common Files\Microsoft Shared\MSDN\CookDoc.dll.

Tested on: Windows 2000, Windows 98, MSDN April 99, January 2000
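
An audit and mitigation sketch for the control described in the post above, added here as an example and not part of the original message. The CLSID and the HKCU key come from the post; the function names are hypothetical, and the assumption that each dev-cookie is a named value directly under the Cookie key is not confirmed by the post.

```powershell
# Added example (not from the original post): audit the DevDoc cookie control.
$clsid      = '{59CC0C20-679B-11D2-88BD-0800361A1803}'   # CLSID from the post
$cookieKey  = 'HKCU:\Software\Microsoft\DevDoc\Cookie'    # key from the post
$safeScript = '{7DD95801-9882-11CF-9FA9-00AA006C4EBB}'   # CATID_SafeForScripting
$killBitKey = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$clsid"

function Get-DevDocControlStatus {
    # Is the control registered, marked safe for scripting, and kill-bitted?
    $clsKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
    $flags  = (Get-ItemProperty -Path $killBitKey -Name 'Compatibility Flags' `
                   -ErrorAction SilentlyContinue).'Compatibility Flags'
    [pscustomobject]@{
        Registered       = Test-Path $clsKey
        Server           = (Get-ItemProperty -Path "$clsKey\InprocServer32" `
                                -ErrorAction SilentlyContinue).'(default)'
        SafeForScripting = Test-Path "$clsKey\Implemented Categories\$safeScript"
        KillBitSet       = [bool]($flags -band 0x400)
    }
}

function Get-DevDocCookie {
    # Assumption: each dev-cookie is a named value directly under the key.
    if (-not (Test-Path $cookieKey)) { return }
    $key = Get-Item -Path $cookieKey
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{ Name = $name; Value = $key.GetValue($name) }
    }
}

function Set-DevDocKillBit {
    # Requires elevation. 0x400 is the Internet Explorer kill-bit flag.
    if (-not (Test-Path $killBitKey)) {
        New-Item -Path $killBitKey -Force | Out-Null
    }
    $cur = (Get-ItemProperty -Path $killBitKey -Name 'Compatibility Flags' `
                -ErrorAction SilentlyContinue).'Compatibility Flags'
    New-ItemProperty -Path $killBitKey -Name 'Compatibility Flags' `
        -PropertyType DWord -Value ($cur -bor 0x400) -Force | Out-Null
}

Get-DevDocControlStatus | Format-List
Get-DevDocCookie        | Format-Table -AutoSize
# Set-DevDocKillBit     # uncomment to stop Internet Explorer from loading the control
```

On 64-bit Windows the 32-bit registry view (WOW6432Node) holds its own ActiveX Compatibility key, so the kill bit has to be set there as well for 32-bit Internet Explorer.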

