Vulnerability Development mailing list archives
Re: Winnt/Win2k Vuln ?
From: sween <sween () modelm org>
Date: Mon, 13 Aug 2001 13:49:34 -0400 (EDT)
Remember this?
I remember this as a L0pht (@stake) advisory from back in the day...
<SCRIPT LANGUAGE=VBScript>
Set WWObj = CreateObject("Word.Document")
WWObj.SaveAs("c:\windows\desktop\www.google.com")
</SCRIPT>
can it be used in any sort of fashion in this vulnerability???
On Mon, 13 Aug 2001 martin.goudreault () notes canadair ca wrote:
Hi All, You can also do the same thing with files that are associated: *.doc (will open Word), *.xls (will open Excel), *.mdb (will open Access) and so on... Try this: Create a word document (or excel sheet) with an automacro, copy it to your desktop, rename it to whatever URL you want, open IE and type that address...voila... (worked here!) Harmful you say... Yeesh Just my two cents worth... Martin Goudreault Senior Systems Support Bombardier - AeroSpace St-Laurent, Qc, Canada (514) 855-5001 x55488
-- --- -sween | M | http://www.modelm.org --- "force feedback computing since 1984." <meta name="MSSmartTagsPreventParsing" content="TRUE">
Current thread:
- Re: Winnt/Win2k Vuln ?, (continued)
- Re: Winnt/Win2k Vuln ? Meritt James (Aug 10)
- Re: Winnt/Win2k Vuln ? Ben Ford (Aug 10)
- Re: Winnt/Win2k Vuln ? Kevin Gagel (Aug 10)
- Re: Winnt/Win2k Vuln ? Ben Ford (Aug 10)
- RE: Winnt/Win2k Vuln ? David Schwartz (Aug 11)
- RE: Winnt/Win2k Vuln ? Louis-Eric Simard (Aug 12)
- RE: Winnt/Win2k Vuln ? David Schwartz (Aug 12)
- RE: Winnt/Win2k Vuln ? Louis-Eric Simard (Aug 12)
- RE: Winnt/Win2k Vuln ? David Schwartz (Aug 11)
- Re: Winnt/Win2k Vuln ? sween (Aug 13)
- Re: Winnt/Win2k Vuln ? J. Bol (Aug 14)