Overwriting Files with VBScript
Reported March 13, 1998 by Pink Panther

Systems Affected

  • Internet Explorer 4.x
  • VBScript Engine 3.x

Description:

Malicious script code can be used within a Web page to overwrite files on the user"s drives.

Microsoft"s Response:

From: Harry Goodwin \[Microsoft Corporate Security Services\]
Sent: Tuesday, July 21, 1998 11:45 AM

We have looked at this issue and determined it to be a non-security threat. If a user chooses to run an object they download, it will run. Internet Explorer is architected to prompt you before such code is run. If you choose to run it, it will run. This is by design.

To learn more about new NT security concerns, subscribe to NTSD.

Credit:
Reported by: Pink Panther
Posted here at NTSecurity.Net July 20, 1998