zack371
Mar 05, 2002, 11:19 AM
OK Guys and Gals,
This is a serious security hole in Internet Explorer. It will allow any .exe file to be run on your system with no warning. I have tested it in IE, Outlook and OE. It works. I have all the latest security patches, updates, etc.
Demo was kind enough to post the problem here. Demo M8, I have removed your original message as we have had some trouble with people sending virii, etc. to forum members in the past, and I did not want this exploit getting sent around. I am posting below your original post that you had linked to, except I have edited out the code.
There is a severe IE, Outlook and Outlook Express security problem that has not been fixed as yet.
I was caught with this one over the weekend (I think) and my HD was formatted, thankfully I had just taken a backup. BTW S the mail which caught me was intended for you but they spelt the name wrong.
This code will run even if active scripting and ActiveX have been disabled in your internet settings, which if it isn't it should be.
If you copy and paste the following text into notepad and save it as something.htm and then run the page it will launch Calc.exe. Please change the path "c:/windows/system32/calc.exe" to reflect that of your calc.exe. This example was first released by researchers on a website called Greymagic software and is now spread all over the internet, otherwise I would NOT be posting the information.
Exploit code removed. -Zack
A simple solution to this problem was found by Axel Pettinger and Garland Hopkins and requires a REG edit.
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
and change the value of "1004" (DWORD) from "0" to "3".
Before starting, back up your registry.
I have tested this registry hack and can verify that it works, well at least in win2k. BTW this registry hack will have to be done on each user account you have on your computer.
I have tested the registry hack myself and it fixed the problem. Everyone should apply this fix ASAP, as this is a nasty little exploit. . .
Demo, Cheers for posting this info man. :tup:
-Zack
http://www.mindshatter.com/zack/smanback1.gif
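The post notes that the registry change has to be made in each user account. As an added example (not part of the original post), the PowerShell below reports the current "1004" value under Zones\0 for every user hive loaded under HKEY_USERS, exports a backup of the key, and sets the value to 3. The function name `Set-Zone0Action1004` and the backup directory are assumptions made for this example.

```powershell
# Added example: audit and set value "1004" under Zones\0 for each loaded user hive.
# Set-Zone0Action1004 is a hypothetical name; $BackupDir is an assumed location.
function Set-Zone0Action1004 {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [int]$Desired = 3,                               # value the post says to set
        [string]$BackupDir = "$env:TEMP\zone0-backup"    # assumed backup folder
    )
    $sub = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0'
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

    # Logged-on accounts show up under HKEY_USERS by SID; the regex skips
    # the built-in service hives and the *_Classes hives.
    Get-ChildItem -Path Registry::HKEY_USERS |
      Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
      ForEach-Object {
        $sid = $_.PSChildName
        $key = "Registry::HKEY_USERS\$sid\$sub"
        if (-not (Test-Path $key)) {
            # "return" ends this iteration only and emits the report row.
            return [pscustomobject]@{ Sid = $sid; Before = $null; After = $null; Note = 'key missing' }
        }
        $before = (Get-ItemProperty -Path $key -Name '1004' -ErrorAction SilentlyContinue).'1004'
        $after  = $before
        if ($before -ne $Desired -and $PSCmdlet.ShouldProcess($key, "set 1004 to $Desired")) {
            # Back up the key first, as the post advises.
            & reg.exe export "HKU\$sid\$sub" (Join-Path $BackupDir "$sid.reg") /y | Out-Null
            # Creates the DWORD if it is absent, otherwise overwrites it.
            Set-ItemProperty -Path $key -Name '1004' -Value $Desired -Type DWord
            $after = $Desired
        }
        [pscustomobject]@{ Sid = $sid; Before = $before; After = $after; Note = '' }
      }
}

# Report only; drop -WhatIf to apply the change.
Set-Zone0Action1004 -WhatIf | Format-Table -AutoSize
```

Writing to other users' hives needs an elevated prompt, and accounts that are not logged on have no hive loaded under HKEY_USERS, so they are not covered by this run.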
