WARNING! Major security leak found in Win and IE!

Nothing happened, absolutely nothing. I guess that's a good thing.
Windows 2000 Service Pack 2, in case anyone's curious.

I've had pretty decent luck considering the lack of AV programs on my PC. But part of it is common sense, as my e-mail-happy sister discovered last month. I'm still purging the garbage out of her system.
 


Bran Blackbyrd said:
Nothing happened, absolutely nothing. I guess that's a good thing.
Windows 2000 Service Pack 2, in case anyone's curious.

I've had pretty decent luck considering the lack of AV programs on my PC. But part of it is common sense, as my e-mail-happy sister discovered last month. I'm still purging the garbage out of her system.

Agreed on the last point... common sense is as important as (if not more so than) a virus checker... and you don't have to update common sense as often :)
 





Psionicist said:
Okay.

A major security leak has been found in Win9x (95, 98, ME, XPHome) and NT (NT, 2000, XPPro). The leak allows programs and code to be executed locally, which means viruses and trojans and such can be installed when you visit a normal webpage.

I have created two sample pages that will attempt to shell calc.exe (Windows Calculator), which is HARMLESS. If calc.exe is executed, you have to change your security settings in your browser and DISABLE all ActiveX controls.

Press these links:
http://psionicist.online.fr/stuff/exploit/win9x.html
http://psionicist.online.fr/stuff/exploit/winnt.html

Did you get a message saying the page won't view correctly because ActiveX controls are disabled, or nothing at all happens? GREAT! Happy surfing.

If the windows calculator executes, then FOR THE LOVE OF GOD disable your ActiveX controls (Tools > Settings > Security or something).

Thanks.

Edit: My host is slow right now, so wait some 20 seconds.
Edit2: DO NOT run these pages locally (from your own computer). You can have highest security settings but if these files are saved on your hard drive and run from your own machine, calc.exe will be executed NO MATTER WHAT, so run them from a server of your choice.


Thanks for the tip. I didn't see calculator so I am OK but a lot of people may have been saved a world of hurt. Thanks for helping make this a community instead of just a discussion board.
 
