Confirm on 6.0.2800.1106 On my IE is present: SP1, q324929, q810847, q813951 D'Amato Luigi Admin www.securitywireless.info ----- Original Message ----- From: "Dike" <Dike@tarita.co.id> To: <bugtraq@securityfocus.com> Sent: Tuesday, February 25, 2003 1:50 PM Subject: RE: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part II > Confirmed on IE 5.0 too :( > > Sorry One Liner, > Dike > > > -----Original Message----- > > From: http-equiv@excite.com [mailto:http-equiv@malware.com] > > Sent: Wednesday, February 26, 2003 4:45 AM > > To: bugtraq@securityfocus.com > > Subject: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part II > > Tuesday, February 25, 2003 > > > > We are delighted to learn that the original self-executing html file, > > from June 1 2002 is now fixed with the most current of the many > > patches for the Internet Explorer series of browsers. See: > > > > http://online.securityfocus.com/archive/1/275126 > > > > Regrettably. > > > > The following file is an html file comprising both scripting and an > > executable [*.exe]. > > > > We inject scripting and an executable into the html file which is > > designed to point back to the executable in the html file and execute > > it. Provided the html file is an html file, Internet Explorer 5.5 and > > 6.0 will execute it. > > > > Because it is an html file proper, Internet Explorer opens it. The > > scripting inside is then parsed and fired. That scripting is pointing > > back to the same executable file with our original codebase object > > from the year 2000 and because it is a self-executing html file, it > > executes ! > > > > Tested IE5.5 and IE6. Fully self-contained harmless *.exe: > > > > http://www.malware.com/html.exe.zip > > > > Be aware of html files out there. > > > > Key Words: Trust it's Worthy so Think it's Tank silly obvious > > > > -- > > http://www.malware.com > > >
