By crafting special Javascript string, attackers can cause Internet Explorer to execute arbitrary code.
For Proof of Concept click the following link:
http://www.computerterrorism.com/research/ie/poc.htm
Vulnerable Systems:
* Microsoft Internet Explorer version 5.5
* Microsoft Internet Explorer version 6
In continuation to my yesterday's post, here are the steps one should follow to view source code in notepad having folder "notepad" on the desktop
1.Go to Registry, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\
2.Create a new key “View Source Editor”
3.Right Click on the “View Source Editor” key just created and add a “New” Key “Editor Name” under it.
4.Select the “Editor Name” and Right Click on the “default” property that comes in the Details Window
5.Select “Modify”
6.Enter “C:\WINDOWS\NOTEPAD.EXE” in the Value data Textbox and Click Ok.
7.Now, you can create a folder named Notepad and still view source for any web page.
Create a folder on the desktop and name it "Notepad", open any webpage in IE and see its view source....
AMAZING !!!