A new vulnerability has been discovered :

http://www.securitytracker.com/alerts/2004/Jan/1008843.html

I have tested the sample which allow you to test safely this exploit, and no sandboxe software warned me about the code beeing executed, because it relies on your main browser and windows explorer, which are obviously both allowed.

Some people were asking for proof of a code not blocked by sandboxe softwares, here is one.

We can easily imagine that in the future this vulnerability will be used by many worms...

Be aware that a folder now could not be a folder.

Woow indeed amazing vulnerability.
tiny PF don't warn me
but the the malicious code is in KAV virus database now as the trojan dropper.JS.Mimail.b

thanx for your warning

Hi,gkweb

Thank you for your post!! I also downloaded exploit tool. yeah, I think this is very dangerous exploit especially for "Art of Trojaning"..... :-[

thanks again
Best Regards.

Where did you download the exploit? I went to http://www.malware.com/my.pics.zip and didn't find it.

it seems that the exploit is not anymore available and that they think to sell it ???