WARNING! Major security leak found in Win and IE!

Psionicist

Explorer
Okay.

A major security leak has been found in Win9x (95, 98, ME, XPHome) and NT (NT, 2000, XPPro). The leak allows programs and code to be executed locally, which means viruses and trojans and such can be installed when you visit a normal webpage.

I have created two sample pages that will attempt to shell calc.exe (Windows Calculator), which is HARMLESS. If calc.exe is executed, you have to change your security settings in your browser and DISABLE all ActiveX controls.

Press these links:
http://psionicist.online.fr/stuff/exploit/win9x.html
http://psionicist.online.fr/stuff/exploit/winnt.html

Did you get a message saying the page won't view correctly because ActiveX controls are disabled, or did nothing at all happen? GREAT! Happy surfing.

If the Windows calculator executes, then FOR THE LOVE OF GOD disable your ActiveX controls (Tools > Settings > Security or something).

Thanks.

Edit: My host is slow right now, so wait some 20 seconds.
Edit2: DO NOT run these pages locally (from your own computer). You can have the highest security settings, but if these files are saved on your hard drive and run from your own machine, calc.exe will be executed NO MATTER WHAT, so run them from a server of your choice.
 


Eeeek! :eek:

Calculator, ohmygoditwasacalculator!!!

Eeeek! :eek:

OK...gotta breathe.

Do you have any official documentation of this?

(Not that I need much convincing.)
 
Good News!

Yours Truly (that's me)... What the heck. I have found a way to disable this. It will take an hour or two to create a small program/hack to disable this WITHOUT getting annoying security messages like the fix in The Register article. Hold on.
 

Norton brought up a virus warning about it

Well, I tried the NT version for my XP Pro system, and Norton 2002 came up with a warning. I just got the March 8th virus updates... don't really know too much beyond that, though.
 
Re: Norton brought up a virus warning about it

Kvantum said:
Well, I tried the NT version for my XP Pro system, and Norton 2002 came up with a warning. I just got the March 8th virus updates... don't really know too much beyond that, though.

same here. always make sure your antivirus software is updated folks!

happy surfing!
 

Um...I can't seem to find a way to disable ActiveX on its own. My current security settings indicate that "Unsigned ActiveX controls will not be downloaded" - does that mean it should already be disabled? 'Cause the calculator still showed up.

No way in hell I'll be screwing around with actual code - I'm just not that computer literate. I'd be too afraid of screwing something up, and I don't think this seven-year-old Packard Bell of mine could take another blow.
 

