Re: HOW TO BREAK XP SP2 POPUP BLOCKER: kick it in the nut !

[James Tucker <jftucker () gmail com>]

On Mon, 13 Dec 2004 15:40:32 -0500, James Patterson Wicks
<pwicks () oxygen com> wrote:
> This is what one of our developers came up with:
>
> "I could only find one bypass that uses the DHTML Edit Control ActiveX
> control (clsid:2D360201-FFF5-11d1-8D03-00A0C959BC0A) installed with the
> IE.
>
> An example of this is http://www.malware.com/flopup.html
>
> This still showed a popup even when I said block all popups. It
> basically uses this ActiveX control to execute a javascript as follows:
> x.DOM.Script.execScript(shellscript.toString());
> x.DOM.Script.setTimeout("shellscript()");
>
> You could either disable this control (which I don't know if there are
> programs that depend on it). You could also disallow ActiveX controls
> which would break Sharepoint among other things."

Sharepoint portals do actually (mostly) work in Firefox anyway, and
theres no ActiveX there. What doesn't work is the integration system.

It could be argued that such controls should be disabled for all and
explicitly allowed for sites such as portals.

I haven't had a look at the specifics but it appears as if this is an
ActiveX control that is loaded native to the browser (rather than as
an extension), is that correct? If so then surely disabling ActiveX
isn't actually going to stop it?

Given what is claimed by the mail at the start of the thread "We only
deal in the high settings here !" would suggest that ActiveX should
have already been disabled (the default on XPSP2 IIRC).

> Any comments?
>
>
> -----Original Message-----
> From: full-disclosure-admin () lists netsys com
> [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Scott Renna
> Sent: Friday, December 10, 2004 11:42 PM
> To: 1 () malware com
> Cc: full-disclosure () lists netsys com
> Subject: Re: [Full-disclosure] HOW TO BREAK XP SP2 POPUP BLOCKER: kick
> it in the nut !
>
> Beautiful...how many more fun ones like these until people start to
> migrate away from IE.....
>
> http-equiv () excite com wrote:
> > Friday, December 10, 2004
> >
> > Internet Explorer 6 on the gadget commonly known as Windows XP SP2
> enjoys
> > a fairly robust "popup blocker".
> >
> > This little 'thing' has been a major irritation to date. Nothing gets
> past
> > it until now.  Chatter exists that some sites have defeated it on the
> > causal default setting. We only deal in the high settings here !
> >
> > Our Chairman and CEO, Mr. Liu Die Yu takes the sledgehammer and cracks
>
> > open this bothersome little nut like so:
> >
> > http://www.malware.com/flopup.html
> >
> > Notes:
> >
> > 1. Nothing like a bit of irritation to get constructive
> > 2. Additional popup blocker from MSN is also killed, may may Die ! too
> > 3. Get editive before it's too late: http://www.editive.com
> > 4. None
> >
> > End Call
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>
> This e-mail is the property of Oxygen Media, LLC.  It is intended only for the person or entity to which it is 
> addressed and may contain information that is privileged, confidential, or otherwise protected from disclosure. 
> Distribution or copying of this e-mail or the information contained herein by anyone other than the intended 
> recipient is prohibited. If you have received this e-mail in error, please immediately notify us by sending an e-mail 
> to postmaster () oxygen com and destroy all electronic and paper copies of this e-mail.
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html