Penetration Testing mailing list archives
Re: ActiveX
From: Dave Killion <dave.killion () gmail com>
Date: Mon, 29 Aug 2005 10:15:01 -0700
Here's an ActiveX control vulnerability: http://secunia.com/advisories/13578/ http://securitytracker.com/alerts/2004/Dec/1012626.html (Both links refer to the same issue) Basically, a malicious website using an ActiveX control created by Windows Media Player can, without any warning, verify the existence of arbitrary files on a target machine, and in the case of WMA files, change their contents. No pop-ups, no 'ActiveX Installation' warnings - it just does it. This is a realitively benign example - there are others that are much more nasty - but this should suffice for a customer demonstration. Enjoy, -- Dave Killion, CISSP Contributing Author, Configuring NetScreen Firewalls
Current thread:
- ActiveX Andres Molinetti (Aug 26)
- Re: ActiveX paavan shah (Aug 26)
- Re: ActiveX Andres Molinetti (Aug 29)
- Re: ActiveX Dave Killion (Aug 30)
- Re: ActiveX Andres Molinetti (Aug 29)
- <Possible follow-ups>
- RE: ActiveX Wil.Allsopp (Aug 30)
- Re: ActiveX paavan shah (Aug 26)