bryce <[EMAIL PROTECTED]> wrote:
> I'm new to this list, and sorta new to security on a computer. But can > someone tell me what program runs a .hta file??
Sigh. Since no one else seems inclined actually to answer this question, I'll do it.
In a (pea)nutshell, Microsoft Internet Explorer is the application by which .hta files are designed to be interpreted. However, any browser that understands the syntax (e.g., Netscape) can in theory handle them.
They provide functionality above and beyond HTML; they were
originally supposed to supply designers with a way of
prototyping Web-based applications that employ dynamic
HTML, and thus would never be present in a production system.
In reality, they get used for a lot of producation purposes: password/access control lists, triggering helper applications
such as Office components, and in fact for launching just
about any local program while providing a simple user
interface similar to the password entry box included
with most browsers. Convenient, and quite nasty if misused.
Hopefully this brief overview will make it obvious to you what a serious security risk these files represent, and how laughably easy it was (is) to use them as a vector for malware.
m5x
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
