IE6 Bug!

Published by

Ibelite.com: Yet another interesting bug surfaces, this one can do all sort of malicious thing if used correctly. Lets say someone sent you a virus and he knows the specific location of this virus on your hard drive. All he has to do is send you a website that will directly open it for you. Or even worse, those lovely sites which claim they have "progz or other utilities", can create a popup linking to the temp folder if downloaded there, execute this virus and vola. Also, you can change the exe to a shutdown command or a log off command, how scary is that, you enter a website and it shuts off your computer. Talk about a joke! I also created another file that will also open up your windows media player if it is in the following location, "c:/Program Files/Windows Media Player/wmplayer.exe".

The orginial link when opened will start your command shell (I tested it and its not malicious) on Win2k/XP in IE5/6 (I have the latest version installed with all the patches). When looking at the source it appears to be quite simple yet effective for the people who could misuse it. It simply calls via javascripting the command prompt. Others could let it do a whole lot more. /I>

Opens CMD

Opens Windows Media Player ( View Source )

More Examples