[snip] >Because it is an html file proper, Internet Explorer opens it. The >scripting inside is then parsed and fired. That scripting is pointing >back to the same executable file with our original codebase object >from the year 2000 and because it is a self-executing html file, it >executes !
It does at least offer an open/save/cancel dialog... so it doesn't execute automagically. >Tested IE5.5 and IE6. Fully self-contained harmless *.exe: >http://www.malware.com/html.exe.zip >Be aware of html files out there. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
