Re: Rather large MSIE-hole

[jon schatz <jon () divisionbyzero com>]

On Thu, 2002-03-14 at 14:48, KF wrote:
> Another thought... will this bug run an executable from a web page? If 
> so you could just make your own binary to do whatever you wanted. Like 
> http://mysiteathome.com/malware.exe or something along those lines. I 
> would HOPE that it asks to save the file to disk or even better ignore 
> it all together.

i get a warning message: "Your current security settings prohibit
running ActiveX controls on this page. As a result, the page may not
display correctly.". when i place the site the exe is linked from into
my "Trusted Sites" zone, I get a message asking me if i want to install
and run "http://www.divisionbyzero.com/calc.exe";.

But even though i get the error message the first time, IE still
downloads the file (or at least, a GET shows up in my apache log). I
can't seem to find it in my temp files though, but if it's location were
known, i could include a malware link, wait for ie to download the file,
then run the file with the same method.....

-jon

-- 
jon () divisionbyzero com || www.divisionbyzero.com
gpg key: www.divisionbyzero.com/pubkey.asc
think i have a virus?: www.divisionbyzero.com/pgp.html
"You are in a twisty little maze of Sendmail rules, all confusing."

Attachment: signature.asc
Description: This is a digitally signed message part