exshell jexploit

# source: https://www.securityfocus.com/bid/548/info # # A vulnerability affects Microsoft's Jet 3.51 and 4.0 driver (MSJET35.DLL and MSJET40.DLL). # # This vulnerability could allow an attacker to create malicious '.xls' or '.doc' files incorporating VBA shell commands. When the file is opened, the shell commands contained in the file will execute on the target system. Command execution will occur in the context of the user that is opening the file. # # The file could be distributed via email, the web (including in hidden frames), or any number of methods. # exshell jexploit This is a benign demonstration of the Jet 3.51 vulnerability documented by J.C.G. Cuartango.
This vulnerability affects users of Office95/97 with Jet database engine versions around 3.5 (tested 3.51.1029.00)

On the bottom of this page is an invisible, embedded .xls file that will do a few things if you double-click it:
1. Get a welcome note from ftp.aol.com and write it to your hd as c:\ftptest.txt
2. Write a log file of the ftp session to your hd as c:\jexploit.log
3. Open regedit.exe on your computer.

There are no macros, so there are no macro warnings. There are currently (8/3/99) no AV products to stop this.
This could be changed slightly to format your hd without prompts or perform several other devastating functions.

The purpose of this demonstration is as follows:
1. To have some innocent fun.
2. To demonstrate how to have fun.
3. To show the vulnerabilities in yet another M$ product.
4. To alert the AV people that they need to work on this problem.

If you use IE or see a broken link next to the arrow just click here. Probably your browser can't view embedded xls.
The malicious potential of this exploit is great.

Have a nice day!!! -ßrootFôrce

this is a test of the emergency broadcast system.

click this here thingy to test==>