------=_NextPart_000_0153_01BF7FF9.87FC33E0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable I created my NewsBug approximately 2-3 months ago but never did = anything further with it as I have a lot of other projects I am working = on. I reported this to MS on Feb 17 while attending the W2K launch; but = haven't heard anything from them since. Basically what it is : a web = page or an email that when viewed in Outlook (all versions 4.0 and up) = and Netscape all versions 4.0 and up that have been set up and are the = default email and news reader. with JavaScript and html view enabled. = When the web page is viewed it opens up OE or NS and starts making bogus = news group file entries, it doesn't subscribe to them cause they don't = exist; but it forces the user to manually delete them. to view a POC go = to: http://www.zoomnet.net/~quick/error/newsbug.html During testing in approximately 50% of the time OE would crash before it = can be stopped, and when OE is opened back up instead of it coming up = and saying OE wasn't shut down properly and the page is not being showed = because of possible security concerns, doesn't come up; but instead when = OE is rebooted it comes back up and starts making them all over again, = well that is if they have it set with the preview pane option enabled = and the order of the messages is to show the newest one at the bottom. For it to work in email it requires an additional file and if you wish = to see a poc of it used in email then send me an email authorizing me to = send it to you; because I am not in the habit of sending unsolicited = malicious code through email. Fix: NO known fix Work around: Disable JavaScript This next one, I am not sure if it is already known or not, it is = sort of like Georgi Guninskis' word pad code execution but it uses a = .shs (scrap file). It is possible to create a .shs file that contains = executable code then when run outside of word, will execute the code = without opening word. I only mention it because a lot of casual users = are not familure with the file extension and might run it because the = icon looks like a text file. this link = http://www.zoomnet.net/~quick/test/test.shs is to a file that when run will format the A:\ drive it was created by = making an .exe in VB5 pro that does the format, compiling the file into = an .exe file then right clicking the .exe file and choosing copy and = then opening Word 2K, and right clicking in the document body and = selecting paste, then saving the word document and then closing word, = opening word back up and right clicking on the .exe file and selecting = copy , then closing word, right clicking on the desktop and choosing = paste, the resulting file is a text scrap test.shs, and if test.shs is = opened up formats the A:\ drive without opening up word. If they are = set for double click then double clicking test.shs will format the A:\ = drive and the same if they are set for single click. This is the first time I have contacted you. I received a link to = your page from a friend and they said I should email you and tell you = about these and other stuff I have created. I am NOT a hacker or = anything like that , I am however an avid computer enthusiast. I am = disabled and almost house bound, and in a lot of physical pain. In = order to take my mind off the pain (which the morphine the doctors give = me don't do much for the pain) I have found that if I totally absorb my = mind with the computer I can for short periods of time be almost pain = free. I have been around computers most of my adult life, and while in = the military was trained as a 26T20 (television equipment repairman) and = spent most of my tour in the Army repairing main frame computers. I = have NO degree in programming or any computer related discipline, but I = am self taught. =20 Well this is quite a lengthy email and I am sorry for the size of it. I = hope to hear from you one way or the other about these. ******************************* =20 If at first, you don't succeed; by all means, try again, but.... if you don't succeed the second time, cover up all tracks and pretend it never happened ******************************* Paul Michael Bryant Sr. Gladiators=20 1st AVN 57th AHC 1972-73 My Senior Prom was VietNam ******************************* Fax (603) 388-3801 Dino-Soft Software Inc http://www.zoomnet.net/~quick ------=_NextPart_000_0153_01BF7FF9.87FC33E0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
     I created my NewsBug=20 approximately 2-3 months ago but never did anything further with it as I = have a=20 lot of other projects I am working on. I reported this to MS on Feb 17 = while=20 attending the W2K launch; but haven't heard anything from them=20 since.   Basically what it is : a web page or an email = that when=20 viewed in Outlook (all versions 4.0 and up) and Netscape all versions = 4.0 and up=20 that have been set up and are the default email and news reader.  = with=20 JavaScript and html view enabled.  When the web page is viewed it = opens up=20 OE or NS and starts making bogus news group file entries, it doesn't = subscribe=20 to them cause they don't exist; but it forces the user to manually = delete them.=20 to view a POC go to: http://www.zoom= net.net/~quick/error/newsbug.html
 
During testing in approximately 50% of the time = OE would=20 crash before it can be stopped, and when OE is opened back up instead of = it=20 coming up and saying OE wasn't shut down properly and the page is not = being=20 showed because of possible security concerns, doesn't come up; but = instead when=20 OE is rebooted it comes back up and starts making them all over again, = well that=20 is if they have it set with the preview pane option enabled and the = order of the=20 messages is to show the newest one at the bottom.
 
For it to work in email it requires an = additional file and=20 if you wish to see a poc of it used in email then send me an email = authorizing=20 me to send it to you; because I am not in the habit of sending = unsolicited=20 malicious code through email.
 
Fix:  NO known fix
Work around:  Disable = JavaScript
 
   This next one, I am not sure if it = is already=20 known or not, it is sort of like Georgi Guninskis' word pad code = execution but=20 it uses a .shs (scrap file).  It is possible to create a .shs file = that=20 contains executable code then when run outside of word, will execute the = code=20 without opening word.  I only mention it because a lot of casual = users are=20 not familure with the file extension and might run it because the icon = looks=20 like a text file.  this link http://www.zoomnet.n= et/~quick/test/test.shs
is to a file that when run will format the A:\ = drive it=20 was created by making an .exe in VB5 pro that does the format, compiling = the=20 file into an .exe file then right clicking the .exe file and choosing = copy and=20 then opening Word 2K, and right clicking in the document body and = selecting=20 paste, then saving the word document and then closing word, opening word = back up=20 and right clicking on the .exe file and selecting copy , then closing = word,=20 right clicking on the desktop and choosing paste, the resulting file is = a =20 text scrap  test.shs, and if test.shs is opened up formats the A:\ = drive=20 without opening up word.  If they are set for double click then = double=20 clicking  test.shs will format the A:\ drive and the same if they = are set=20 for single click.
 
     This is the first time = I have=20 contacted you.  I received a link to your page from a friend and = they said=20 I should email you and tell you about these and other stuff I have=20 created.   I am NOT a hacker or anything like that , I am = however an=20 avid computer enthusiast.  I am disabled and almost house bound, = and in a=20 lot of physical pain.  In order to take my mind off the pain (which = the=20 morphine the doctors give me don't do much for the pain) I have found = that if I=20 totally absorb my mind with the computer I can for short periods of time = be=20 almost pain free.  I have been around computers most of my adult = life, and=20 while in the military was trained as a 26T20 (television equipment = repairman)=20 and spent most of my tour in the Army repairing main frame = computers.  I=20 have NO degree in programming or any computer related discipline, but I = am self=20 taught. 
 
Well this is quite a lengthy email and I am = sorry for the=20 size of it.  I hope to hear from you  one way or the other = about=20 these.
 
******************************* 
If at = first, you=20 don't succeed;
by all means, try again,
    = but....
if=20 you don't succeed the second time,
cover up all tracks and pretend it = never=20 happened
*******************************
Paul Michael Bryant=20 Sr.
       Gladiators
 1st AVN = 57th=20 AHC 1972-73
My Senior Prom was=20 VietNam
*******************************
  Fax (603)=20 388-3801
  Dino-Soft  Software Inc
  http://www.zoomnet.net/~quick<= /FONT>
------=_NextPart_000_0153_01BF7FF9.87FC33E0--