Vulnerability Development mailing list archives
Re: Rather large MSIE-hole
From: Slow2Show <sl2sho () yahoo com>
Date: 15 Mar 2002 09:56:02 -0000
In-Reply-To: <2BCDE6B615475647A66D907BC0AFAF3F02A95B@RC-EXCH01.integres.local>
well if activex is enabled, doing this with a available readable by everyone windows share works
john, my testing at home(please verify) shows that getting an exe via file sharing and remote web server follow the same behavior outlined below: -with security settings set to medium you get a an error prompt....no code is executed on "victim" box -with security settings set to low you get a choice box (yes/no)....code CAN be executed on "victim" box -the only way a user could set themselves up to be vulnerable to this hole is if their "Run Unsigned ActiveX controls" option is set to "enable"....this has to be manually done(or reg) Barring any social engineering that gets them to turn down their security settings, I think most users are safe for now. all of these unpatched IE6 holes are outrageous....come on MS please put out a patch! lata, -Slow2Show- University of Florida "getting an internship in today's economy is like getting a chiapet to grow with out adding the seeds....it just wont happen"
Current thread:
- Re: Rather large MSIE-hole, (continued)
- Re: Rather large MSIE-hole KF (Mar 14)
- Re: Rather large MSIE-hole jon schatz (Mar 14)
- RE: Rather large MSIE-hole Chad Thunberg (Mar 15)
- Re: Rather large MSIE-hole Joerg Over (Mar 15)
- Re: Rather large MSIE-hole KF (Mar 14)
- Re: Rather large MSIE-hole Slow2Show (Mar 14)
- Re: Rather large MSIE-hole Slow2Show (Mar 14)
- RE: Rather large MSIE-hole John Swensson (Mar 14)
- Re: Rather large MSIE-hole NoCoNFLiC (Mar 15)
- Re: Rather large MSIE-hole The Blueberry (Mar 14)
- RE: Rather large MSIE-hole Keith Tyler (Mar 15)
- Re: Rather large MSIE-hole Slow2Show (Mar 15)
- RE: Rather large MSIE-hole Tiago Halm (Mar 16)