Ravikanth's Blog

Happenings around Me


India MVP Blogs

Mugh blogs


My Favorites

My Network Places

November 2005 - Posts

Microsoft Internet Explorer JavaScript Window() Code Execution

By crafting special Javascript string, attackers can cause Internet Explorer to execute arbitrary code.

For Proof of Concept click the following link:

Vulnerable Systems:
 * Microsoft Internet Explorer version 5.5
 * Microsoft Internet Explorer version 6

Registry tweak: To view source code in notepad having folder "notepad" on the desktop

In continuation to my yesterday's post, here are the steps one should follow to view source code in notepad having folder "notepad" on the desktop

1.Go to Registry, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\  
2.Create a new key “View Source Editor”  
3.Right Click on the “View Source Editor” key just created and add a “New” Key “Editor Name” under it.  
4.Select the “Editor Name” and Right Click on the “default” property that comes in the Details Window    
5.Select “Modify”  
6.Enter “C:\WINDOWS\NOTEPAD.EXE” in the Value data Textbox and Click Ok.  
7.Now, you can create a folder named Notepad and still view source for any web page.

Is it Microsoft Windows bug?

Create a folder on the desktop and name it "Notepad", open any webpage in IE and see its view source....


More Posts