Re: IE execution of arbitrary commands without Active Scripting or ActiveX (GM#001-IE)

["Peter Wu" <peterwu () hotmail com>]

Additionally, you cannot pass a parameter to the executable launched.

----- Original Message -----
From: "Stefan Osterlitz" <stefan () osterlitz de>
To: "GreyMagic Software" <security () greymagic com>
Cc: "BUGTRAQ@SECURITYFOCUS. COM" <BUGTRAQ () securityfocus com>
Sent: Friday, March 01, 2002 7:01 PM
Subject: Re: IE execution of arbitrary commands without Active Scripting or
ActiveX (GM#001-IE)


> > Solution:
> > =========
>
> > There is no configuration-tweaking workaround for this bug, it will work
> as
> > long as the browser parses HTML. The only possible solution must come in
> the
> > form of a patch from Microsoft.
>
> IMHO this is wrong. you can disable the download of signed / unsigned
> activex controls.
> my ie version 5.00.2614.3500 w/patches is not vulnerable with that
setting.
> > Tested on:
> > ==========
>
> > IE5.5sp2 Win98, all patches, Active scripting and ActiveX disabled.
> > IE5.5sp2 NT4 sp6a, all patches, Active scripting and ActiveX disabled.
> > IE6sp1 Win2000 sp2, all patches, Active scripting and ActiveX disabled.
> > IE6sp1 WinXP, all patches, Active scripting and ActiveX disabled.