------=_NextPart_000_0153_01BF7FF9.87FC33E0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable I created my NewsBug approximately 2-3 months ago but never did = anything further with it as I have a lot of other projects I am working = on. I reported this to MS on Feb 17 while attending the W2K launch; but = haven't heard anything from them since. Basically what it is : a web = page or an email that when viewed in Outlook (all versions 4.0 and up) = and Netscape all versions 4.0 and up that have been set up and are the = default email and news reader. with JavaScript and html view enabled. = When the web page is viewed it opens up OE or NS and starts making bogus = news group file entries, it doesn't subscribe to them cause they don't = exist; but it forces the user to manually delete them. to view a POC go = to: http://www.zoomnet.net/~quick/error/newsbug.html During testing in approximately 50% of the time OE would crash before it = can be stopped, and when OE is opened back up instead of it coming up = and saying OE wasn't shut down properly and the page is not being showed = because of possible security concerns, doesn't come up; but instead when = OE is rebooted it comes back up and starts making them all over again, = well that is if they have it set with the preview pane option enabled = and the order of the messages is to show the newest one at the bottom. For it to work in email it requires an additional file and if you wish = to see a poc of it used in email then send me an email authorizing me to = send it to you; because I am not in the habit of sending unsolicited = malicious code through email. Fix: NO known fix Work around: Disable JavaScript This next one, I am not sure if it is already known or not, it is = sort of like Georgi Guninskis' word pad code execution but it uses a = .shs (scrap file). It is possible to create a .shs file that contains = executable code then when run outside of word, will execute the code = without opening word. I only mention it because a lot of casual users = are not familure with the file extension and might run it because the = icon looks like a text file. this link = http://www.zoomnet.net/~quick/test/test.shs is to a file that when run will format the A:\ drive it was created by = making an .exe in VB5 pro that does the format, compiling the file into = an .exe file then right clicking the .exe file and choosing copy and = then opening Word 2K, and right clicking in the document body and = selecting paste, then saving the word document and then closing word, = opening word back up and right clicking on the .exe file and selecting = copy , then closing word, right clicking on the desktop and choosing = paste, the resulting file is a text scrap test.shs, and if test.shs is = opened up formats the A:\ drive without opening up word. If they are = set for double click then double clicking test.shs will format the A:\ = drive and the same if they are set for single click. This is the first time I have contacted you. I received a link to = your page from a friend and they said I should email you and tell you = about these and other stuff I have created. I am NOT a hacker or = anything like that , I am however an avid computer enthusiast. I am = disabled and almost house bound, and in a lot of physical pain. In = order to take my mind off the pain (which the morphine the doctors give = me don't do much for the pain) I have found that if I totally absorb my = mind with the computer I can for short periods of time be almost pain = free. I have been around computers most of my adult life, and while in = the military was trained as a 26T20 (television equipment repairman) and = spent most of my tour in the Army repairing main frame computers. I = have NO degree in programming or any computer related discipline, but I = am self taught. =20 Well this is quite a lengthy email and I am sorry for the size of it. I = hope to hear from you one way or the other about these. ******************************* =20 If at first, you don't succeed; by all means, try again, but.... if you don't succeed the second time, cover up all tracks and pretend it never happened ******************************* Paul Michael Bryant Sr. Gladiators=20 1st AVN 57th AHC 1972-73 My Senior Prom was VietNam ******************************* Fax (603) 388-3801 Dino-Soft Software Inc http://www.zoomnet.net/~quick ------=_NextPart_000_0153_01BF7FF9.87FC33E0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META content=3D"text/html; charset=3Diso-8859-1" = http-equiv=3DContent-Type> <META content=3D"MSHTML 5.00.2919.6307" name=3DGENERATOR> <STYLE></STYLE> </HEAD> <BODY bgColor=3D#ffffff> <DIV><FONT face=3DArial> <DIV><FONT face=3DArial> I created my NewsBug=20 approximately 2-3 months ago but never did anything further with it as I = have a=20 lot of other projects I am working on. I reported this to MS on Feb 17 = while=20 attending the W2K launch; but haven't heard anything from them=20 since. Basically what it is : a web page or an email = that when=20 viewed in Outlook (all versions 4.0 and up) and Netscape all versions = 4.0 and up=20 that have been set up and are the default email and news reader. = with=20 JavaScript and html view enabled. When the web page is viewed it = opens up=20 OE or NS and starts making bogus news group file entries, it doesn't = subscribe=20 to them cause they don't exist; but it forces the user to manually = delete them.=20 to view a POC go to: <A=20 href=3D"http://www.zoomnet.net/~quick/error/newsbug.html">http://www.zoom= net.net/~quick/error/newsbug.html</A></FONT></DIV> <DIV> </DIV> <DIV><FONT face=3DArial>During testing in approximately 50% of the time = OE would=20 crash before it can be stopped, and when OE is opened back up instead of = it=20 coming up and saying OE wasn't shut down properly and the page is not = being=20 showed because of possible security concerns, doesn't come up; but = instead when=20 OE is rebooted it comes back up and starts making them all over again, = well that=20 is if they have it set with the preview pane option enabled and the = order of the=20 messages is to show the newest one at the bottom.</FONT></DIV> <DIV> </DIV> <DIV><FONT face=3DArial>For it to work in email it requires an = additional file and=20 if you wish to see a poc of it used in email then send me an email = authorizing=20 me to send it to you; because I am not in the habit of sending = unsolicited=20 malicious code through email.</FONT></DIV> <DIV> </DIV> <DIV><FONT face=3DArial>Fix: NO known fix</FONT></DIV> <DIV><FONT face=3DArial>Work around: Disable = JavaScript</FONT></DIV> <DIV> </DIV> <DIV><FONT face=3DArial> This next one, I am not sure if it = is already=20 known or not, it is sort of like Georgi Guninskis' word pad code = execution but=20 it uses a .shs (scrap file). It is possible to create a .shs file = that=20 contains executable code then when run outside of word, will execute the = code=20 without opening word. I only mention it because a lot of casual = users are=20 not familure with the file extension and might run it because the icon = looks=20 like a text file. this link <A=20 href=3D"http://www.zoomnet.net/~quick/test/test.shs">http://www.zoomnet.n= et/~quick/test/test.shs</A></FONT></DIV> <DIV><FONT face=3DArial>is to a file that when run will format the A:\ = drive it=20 was created by making an .exe in VB5 pro that does the format, compiling = the=20 file into an .exe file then right clicking the .exe file and choosing = copy and=20 then opening Word 2K, and right clicking in the document body and = selecting=20 paste, then saving the word document and then closing word, opening word = back up=20 and right clicking on the .exe file and selecting copy , then closing = word,=20 right clicking on the desktop and choosing paste, the resulting file is = a =20 text scrap test.shs, and if test.shs is opened up formats the A:\ = drive=20 without opening up word. If they are set for double click then = double=20 clicking test.shs will format the A:\ drive and the same if they = are set=20 for single click.</FONT></DIV> <DIV> </DIV> <DIV><FONT face=3DArial> This is the first time = I have=20 contacted you. I received a link to your page from a friend and = they said=20 I should email you and tell you about these and other stuff I have=20 created. I am NOT a hacker or anything like that , I am = however an=20 avid computer enthusiast. I am disabled and almost house bound, = and in a=20 lot of physical pain. In order to take my mind off the pain (which = the=20 morphine the doctors give me don't do much for the pain) I have found = that if I=20 totally absorb my mind with the computer I can for short periods of time = be=20 almost pain free. I have been around computers most of my adult = life, and=20 while in the military was trained as a 26T20 (television equipment = repairman)=20 and spent most of my tour in the Army repairing main frame = computers. I=20 have NO degree in programming or any computer related discipline, but I = am self=20 taught. </FONT></DIV> <DIV> </DIV> <DIV><FONT face=3DArial>Well this is quite a lengthy email and I am = sorry for the=20 size of it. I hope to hear from you one way or the other = about=20 these.</FONT></DIV> <DIV> </DIV> <DIV><FONT face=3DArial>******************************* <BR>If at = first, you=20 don't succeed;<BR>by all means, try again,<BR> = but....<BR>if=20 you don't succeed the second time,<BR>cover up all tracks and pretend it = never=20 happened<BR>*******************************<BR>Paul Michael Bryant=20 Sr.<BR> Gladiators <BR> 1st AVN = 57th=20 AHC 1972-73<BR>My Senior Prom was=20 VietNam<BR>*******************************<BR> Fax (603)=20 388-3801<BR> Dino-Soft Software Inc<BR> <A=20 href=3D"http://www.zoomnet.net/~quick">http://www.zoomnet.net/~quick</A><= /FONT></DIV></FONT></DIV></BODY></HTML> ------=_NextPart_000_0153_01BF7FF9.87FC33E0--