Bugtraq mailing list archives

Re: IE5 ActiveX security bug


From: hshittu () CAS ORG (Hakeem Shittu)
Date: Tue, 3 Aug 1999 15:03:18 -0400


Sami Kuhmonen wrote:

There is a severe bug in Internet Explorer 5's security system concerning
ActiveX components on web pages.

If you go to a web page that has an evil ActiveX component (for example,
the component shuts down Windows) and tell IE to run the component, of
course it runs it. After that you know that you do not want to run that
component. But what happens when you go to that page later? IE5 asks
whether you want to run this component or not. Say no, and it still runs
it!

I tested this feature on a Win98 box with the strict security setting and
could not reproduce this, except for the repeated requests to install/run
the control. Particularly tested was the portion where you say 'no' and it
still runs it. Could it be possible that you had already said a prior 'yes'
and the control was now cached on your system?

Additionally, it has never been a good idea to run a control without the
appropriate digital signature.

Fl@w

The aim is to showcase their fl@w's
and not to xpl0it them. - wise 'ol man with a crystal ball and a serpent
snake

