OBJECT DATA="text/html" may allow executing arbitrary programs in IE 5.5
This Advisory and Demonstration is Copyright (c) 2000 Georgi Guninski. You may distribute
it unmodified. You may not modify it and distribute it or distribute parts
of it without the author's written permission.
The opinions expressed in this advisory and program are my own and
not of any company.
The usual standard disclaimer applies, especially the fact that Georgi
is not liable for any damages caused by direct or indirect use
of the information or functionality provided by this advisory or program.
Georgi Guninski, bears no responsibility for content or misuse of this
advisory or program or any derivatives thereof.
This demo is for Windows 9x - you must modify the source for Win2K.
You may need to wait a few minutes if you have slow computer. If you have Pentium 500 or better or use Win2K probably much less.
It is expected a window with location "about:blank" to be opened containing index.dat - the file where the random names of temporary internet files directories are kept (they are random names in the beginning of the window) and the list of all visited URLs among other stuff.
Once the temporary internet files directories are know it is possible to execute arbitrary programs thru cached files and showHelp() or OBJECT CODEBASE="...".
If you don't see a window with location "about:blank" and content of index.dat close IE and visit the page again.
Read the Advisory for more information.
(C) Copyright 2000 Georgi Guninski
| Home |
Internet Explorer |
Windows 2000 |