Grab your free cup holder....

Discussion in 'other security issues & news' started by javacool, Mar 23, 2003.

Thread Status:
Not open for further replies.
  1. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,997
    Get your own free cup holder!

    An interesting (and non-malicious) demonstration of why Active Scripting should be disabled in the Internet Zone...

    EDIT: This link will attempt to open your cd-rom drives. DO NOT click on it if you are in the middle of burning a CD, or if your disk drives are covered by a flip-open door that could cause damage to them.

    http://www.chrisstorer.com/cupholder.htm

    Best regards,

    -Javacool
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    :mad: Hi JC, No frr cup holder for me. All I get is four little vetical green lines followed by " Free cup holder" with more green lines on a black backround. So I assume the Active X component is not working for me - must be doing something right! :D
     
  3. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,997
    For this demo to work correctly you'll need:

    -Active Scripting enabled in the Internet Zone
    -Windows Media Player 7 or above

    Per the last requirement, all Windows ME and Windows XP PCs should work if Active Scripting is enabled as they come with WMP 7 and WMP8 installed, respectively. If you are one of the lucky few who never downloaded WMP 7 or above, this demo shouldn't work for you.

    Best regards,

    -Javacool
     
  4. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Good, Think I can live without it! :D
    I do use IE6 with XP but with most things locked down except for trusted sites.
    I also use Opera 7.03 & Beonex.
     
  5. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    Geesh, the lengths I have to go to in order to play with exploits like this. Maybe less protection would be more fun!

    Nah!! :D
     

    Attached Files:

  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi LowWaterMark,

    It sure looks like more fun then going straight to the next page using Opera with nothing happening. :D

    Regards,

    Pieter
     
  7. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    That it is!!

    If it wasn't for the weaknesses in IE, there'd be a lot less to talk about in the PC security world. ;)

    Actually, what's really funny is how fast people rush out to sites that have these kinds of demos on them when someone posts them. Myself included! :D
     
  8. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA
    I'm a bit confused.. I tried the link because I'm at my folks house in Laredo and wondered if it would work; but it sent me to "Disney-Online" hmph
     
  9. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    Yes, unfortunately they got so much volume when that link got posted on all the security boards that they took it down (I think within a day or two, as I recall now). Oh well. ;)
     
  10. controler

    controler Guest

    It's ok folks,,, I have another ling he he :D

    http://twerked.com/~splice/cupholder.html


    I am wondering if maybe this is the script?

    <html>
    <head>
    <title>Free Cup Holder</TITLE>
    <script language="VBScript">
    <!--
    msgbox "Click here to recieve a free cup holder",64,"Your free cup holder"
    set oWMP = CreateObject("WMPlayer.OCX.7" )
    set colCDROMs = oWMP.cdromCollection
    if colCDROMs.Count >= 1 then
    for i = 0 to colCDROMs.Count - 1
    colCDROMs.Item(i).Eject
    next
    end if
    -->
    </script>
    </head>
    <body link="#FFFF00" text="#00FF00" bgcolor="#000000">
    there ya go.<p>

    courtesy of <a href="http://void.twerked.com">twerked.com</a>
    </html>
     
  11. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    Yes, that's it alright. ;)

    Just the same old cautions here. If you are going to run it, make sure you don't have anything blocking your cd trays from being ejected. And watch your fingers and toes. ;)
     
  12. MickeyTheMan

    MickeyTheMan Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    1,016
    http://www.prosoft.force9.co.uk/pc/cokegift.zip

    It is safe !!!!!!!!!!!!!
     
  13. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA
    hm well didnt run on my folks puter so i feel a bit better :)
     
  14. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Heh! I don't think I'll bother thanks Mickey. My AV grabbed it :)
     

    Attached Files:

  15. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    PC-cillin doesn't like humor, eh? :D
     
  16. MickeyTheMan

    MickeyTheMan Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    1,016
    Nod also doesn't like it, but i confirm it is quite harmless.
     
Loading...
Thread Status:
Not open for further replies.