IE5 and Excel 2000 security issue for Windows NT4

Wait 5 seconds and a file shall be created: C:\startup.hta.
You may start it to see the effect. It has also been placed in All Users StartUp folder and will be executed automatically at next logon.

Originally written by Georgi Guninski.
Modified for NT4 by Paul Rogers.

A Windows 95/98 version of this vulnerability can be found at:

For a more detailed description of the vulnerablility, please review the thread on BugTraq at