Bugtraq mailing list archives

Active X exploit.

From: shipley () DIS ORG (Peter Shipley)
Date: Mon, 25 Aug 1997 15:14:22 -0700


There is a new expliot  for active X


    http://www.network-security.com/activex/

    http://www.dis.org/maglite/



This is a very interesting hole since this is the first time that
someone actually published the source code for examination.  The
code was stolen by maglite from a recent 2600 meeting from the
author, a dude named Toby . But the attack is very interesting in
the sense that allows you to turn off the security restrictins of
Internut Explainer 3.2 using activeX just by connecting to a WWW
page.

Check it out.  It is bundled with the getadmin stuph published by
the Russian named Sokolov (?)


                -Pete

Current thread:

More ssh fun (sshd this time) Ivo van der Wijk (Aug 19)
- Re: More ssh fun (sshd this time) Olaf Titz (Aug 23)
- Sun Security Bulletin #00152 Aleph One (Aug 25)
- Sun Security Bulletin #00153 Aleph One (Aug 25)
- Active X exploit. Peter Shipley (Aug 25)
- Re: More ssh fun (sshd this time) Wietse Venema (Aug 25)
- <Possible follow-ups>
- Re: More ssh fun (sshd this time) Thamer Al-Herbish (Aug 23)
  - Re: More ssh fun (sshd this time) Solar Designer (Aug 27)
  - Re: More ssh fun (sshd this time) Paul H. Hargrove (Aug 27)
- Re: More ssh fun (sshd this time) Christopher Craig (Aug 27)
  - Integer Overflows Solar Designer (Aug 27)