Internet Explorer Exploit
 

I've just seen an exploit that can save and execute an exe file to your computer through an HTML page in internet explorer. The code is written in VBScript and uses a little ASP to hide what it's doing.

Just a heads up people.. be careful.

Has anyone else seen this? I have the code to prove it.

:helpme

I discovered another one about a year ago that still works on all versions/settings. I'm keeping that to myself though!

this is why activex is disabled on my ie :)

this shit is getting scary. Thats why i try to use mozilla a lot

I have all ActiveX disabled except the plug-ins (so I can still see flash/j@v@script

I guess everyone already knows about this? :warning

Mmm, its old.

You can test if You're vuln here:

http://www.signupsluts.com/harmless_vuln_test.html

Totally harmless test.

:sleep

How old can it be? I just updated Windows XP when the DCOM worm was going around and now they have a patch for it in Windows Update.

Thanks for the test.. got everything patched :thumbsup

Litte bit of Active-x a tab bit of hahahahahahahahahaha...I dash of .hta in your temp folder..and exe file on a server a little script to read...


TADA!


Ownage. Welcome to mime exploit 9d8

well, over a week anyhow ;)


--------
Internet Explorer Object Data Remote Execution Vulnerability

Release Date:
August 20, 2003

Reported Date:
May 15, 2003

Severity:
High (Remote Code Execution)

Systems Affected:
Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.0
Microsoft Internet Explorer 6.0 for Windows Server 2003
--------

Watch out now :thumbsup