On June 24, 2000, http-equiv <http-equiv@excite.com> announced a vulnerability in MSIE that could allow malicious webmasters to execute programs on client systems. The vulnerability involves embedding an object in HTML with a non-zero CLASSID value and the CODEBASE parameter set to the path of any executable on the client system.
Although the issue was believed to have been fixed in later versions, MSIE may still be vulnerable. If objects with a CODEBASE value set to an executable on the client system are embedded in new objects created using window.PoPup() or window.Open(), the specified program will execute. This may or may not be due to the same underlying flaw that caused the vulnerability discovered by http-equiv. This particular behaviour was reported by the Pull <osioniusx@yahoo.com>.
Exploitation of this vulnerability may allow remote attackers to execute any program on a client system. MSIE 6 is confirmed vulnerable; previous versions may be as well.
An attack example is available at the following URL: http://www.osioniusx.com/
No solution is currently available.
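Without a fix, a web or mail gateway can flag the markup pattern described above. The following is an added example, not part of the original advisory: it scans raw page text for `<object>` tags that combine a non-zero CLASSID with a CODEBASE naming a local executable. The function name, the local-path and extension heuristics, and the sample markup are assumptions constructed for illustration.

```python
import re

# Scan raw text rather than a parsed DOM so that markup carried inside
# script string literals is also inspected.
OBJECT_TAG = re.compile(r"<\s*object\b([^>]*)>", re.I)
ATTR = re.compile(r'''([a-z\-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))''', re.I)
# Assumed heuristics: drive letter, UNC prefix or file: URL means "local".
LOCAL_PATH = re.compile(r"^(?:[a-z]:[\\/]|\\\\|file:)", re.I)
EXECUTABLE = re.compile(r"\.(?:exe|com|bat|cmd|scr|pif)$", re.I)
ZERO_CLSID = re.compile(r"^clsid:[0\-]+$", re.I)

# Constructed sample: one ordinary object, one matching the advisory.
SAMPLE = r'''
<object classid="clsid:22222222-2222-2222-2222-222222222222"
        codebase="http://download.example.com/control.cab"></object>
<script>
var markup = "<object classid=\"clsid:11111111-1111-1111-1111-111111111111\" codebase=\"C:\\WINDOWS\\system32\\calc.exe\"></object>";
</script>
'''


def find_local_codebase_objects(text):
    """Return (classid, codebase) pairs for <object> tags that combine a
    non-zero CLASSID with a CODEBASE naming a local executable."""
    # Undo quote escaping used inside script string literals.
    text = text.replace('\\"', '"').replace("\\'", "'")
    hits = []
    for tag in OBJECT_TAG.finditer(text):
        attrs = {}
        for m in ATTR.finditer(tag.group(1)):
            value = next(g for g in m.groups()[1:] if g is not None)
            attrs[m.group(1).lower()] = value.strip()
        classid = attrs.get("classid", "")
        codebase = attrs.get("codebase", "")
        if not classid or ZERO_CLSID.match(classid):
            continue  # the advisory requires a non-zero CLASSID
        if LOCAL_PATH.match(codebase) and EXECUTABLE.search(codebase):
            hits.append((classid, codebase))
    return hits


if __name__ == "__main__":
    for classid, codebase in find_local_codebase_objects(SAMPLE):
        print("suspicious object:", classid, "->", codebase)
```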