By Jason Normanton
[For Internet Explorer 6 with updates q312361,q240308, and q313675, possibly earlier versions.]
Click your mouse over the words below and have some fun seeing what remote website
authors can run on your system at their convenience. While this is amusing and startling,
with a few loops it could cause a bit of a catastrophe on your system. Combined with other
exploits: force fed trojans could be run; possibly command parameters run; or directory
traversal (client side) exploits.
I have included demonstrations here of the PopUp OBJECT tag bug as well as the
"directoryInfo" bug because they have similiar results and combine to paint an interesting
picture.
Be sure and clean out your "Downloaded Program Files" directory when done.
Note: File paths made for Windows 2000 and Windows ME.
Control Panel
Fonts
Admin Tools
Dial Up Networking
Network Neighborhood
Tasks
Recycle Bin
My Documents