On Thu, 21 Feb 2002, Mike Carney stated: > Setting your browser to high disables this from happening but I figured I'd share >this link to a Hungarian web site. I believe that the site has notified Microsoft of >this problem. > > http://www.kurt.hu/iebug.htm > > I checked all the browsers in my office and they were set to medium (Is this the >default?) and turned off active scripting. > > Have a good day > > Mike >
Hi. I visited this site (http://www.kurt.hu/iebug.htm) with IE 5.00.3315.1000 on Win2K (SP2 + all pre SP3 patches installed) and wasn't affected by the javascript calling cmd.exe. IE reported "Error on page" with those details: Line: 18 Char: 2 Error: Object doesn't support this property of method Code: 0 URL: http://www.kurt.hu/iebug.htm I tried this with the default security setting of IE (which is "medium") as well as "low" security setting. I don't know which patches you have and have not installed on the systems you tested this successfully on, but one should always ensure that patches are installed pronto when released from the vendor. For Win2k with SP2 you can use the "security rollup package" to determine, download and install patches released after SP2. It can be found at: http://www.microsoft.com/Windows2000/downloads/critical/q311401/download.asp Patrik Birgersson
