VULHUB ™

It is possible to remotely execute Visual Basic for Applications (VBA) code on systems running Internet Explorer 5.01 and Access 2000 or 97 through web pages or HTML email messages utilizing IFRAME without the user's consent or acknowledgement. *.mdb files can be created which contain VBA code, including the shell() command which can be used to run any executable file already on the system. These mdb files can then be referenced from an object tag in any html file loaded by the browser. The code will still execute even if the option of "Run ActiveX controls and plug-ins" is set to disable or prompt.

It is possible to remotely execute Visual Basic for Applications (VBA) code on systems running Internet Explorer 5.01 and Access 2000 or 97 through web pages or HTML email messages utilizing IFRAME without the user's consent or acknowledgement. *.mdb files can be created which contain VBA code, including the shell() command which can be used to run any executable file already on the system. These mdb files can then be referenced from an object tag in any html file loaded by the browser. The code will still execute even if the option of "Run ActiveX controls and plug-ins" is set to disable or prompt.