COMMAND

    DevDoc ActiveX Cookie

SYSTEMS AFFECTED

    ActiveX

PROBLEM

    'ryagin' found the following.  There is an ActiveX object, included
    for example in Microsoft MSDN (the developer's e-library) and marked
    as safe for scripting, which allows script in a web page to store
    special "dev-cookies" on the user's computer.

    A dev-cookie is a named string of length <=126.  The name is limited
    to 127 characters.  It is saved under the

        HKCU\Software\Microsoft\DevDoc\Cookie

    registry key and remains available even after the system reboots.

    Example code:

        <OBJECT CLASSID="clsid:59CC0C20-679B-11D2-88BD-0800361A1803" WIDTH=100 HEIGHT=100 ID="Cook">
        </OBJECT>
        
        <A HREF="javascript:Cook.putValue('windows','suxx');">put</A>
        <A HREF="javascript:var c=Cook.getValue('windows'); alert('windows is '+c);">get</A>

    - First, click on 'put' link.
    - Second, close your browser window. You can even reboot your PC.
    - Third, click on 'get' link.

    The malicious code is in the

        %Program Files%\Common Files\Microsoft Shared\MSDN\CookDoc.dll

    Tested on: Windows 2000, Windows 98, MSDN April 99, January 2000.
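
    To check whether a host has this control registered and whether any
    dev-cookies persist, the following PowerShell audit can be used.  It
    is an added example, not part of the original advisory: the CLSID
    and cookie key come from the advisory, the storage layout under the
    key (values or subkeys) is an assumption, and the safe-for-scripting
    category and kill-bit checks use the standard Internet Explorer
    registry locations.

```powershell
# Added audit example (not from the advisory). The CLSID and cookie key are
# taken from the advisory; function names and storage layout are assumptions.
$Clsid      = '{59CC0C20-679B-11D2-88BD-0800361A1803}'
$CookieKey  = 'HKCU:\Software\Microsoft\DevDoc\Cookie'
$SafeScript = '{7DD95801-9882-11CF-9FA9-00AA006C42C4}'   # CATID_SafeForScripting
$KillBit    = 0x400                                       # COMPAT_EVIL_DONT_LOAD

function Get-DevCookie {
    # Assumption: cookies are kept as named values and/or subkeys of the key.
    if (-not (Test-Path $CookieKey)) { return }
    $key = Get-Item $CookieKey
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{ Kind = 'Value'; Name = $name; Data = $key.GetValue($name) }
    }
    foreach ($sub in $key.GetSubKeyNames()) {
        [pscustomobject]@{ Kind = 'SubKey'; Name = $sub; Data = $null }
    }
}

function Get-DevDocControlState {
    $clsidKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid"
    $server = $null
    if (Test-Path "$clsidKey\InprocServer32") {
        # The default value holds the path of the DLL that implements the control.
        $server = (Get-Item "$clsidKey\InprocServer32").GetValue('')
    }
    $compatKey = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
    $flags = 0
    if (Test-Path $compatKey) {
        $flags = [int](Get-Item $compatKey).GetValue('Compatibility Flags', 0)
    }
    [pscustomobject]@{
        Registered               = Test-Path $clsidKey
        InprocServer             = $server
        # A control can also declare itself safe through IObjectSafety, so
        # a missing category does not prove it is unscriptable.
        SafeForScriptingCategory = Test-Path "$clsidKey\Implemented Categories\$SafeScript"
        KillBitSet               = [bool]($flags -band $KillBit)
    }
}

Get-DevDocControlState | Format-List
Get-DevCookie | Format-Table -AutoSize
```

    On 64-bit Windows, run it from a 32-bit PowerShell session as well,
    since a 32-bit control is registered in the 32-bit registry view.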

SOLUTION

    Nothing yet.