PassiveX

[mmiller at hick.org (mmiller at hick.org)]

On Thu, May 12, 2005 at 03:28:38PM +0000, VITO DE LAURENTIS wrote:
> some html here

PassiveX is not an attack vector, it is a post-exploitation payload that
allows you to build a streaming connection through an HTTP tunnel
between the target and the attacker.  It does this by using a stub
payload that modifies Internet Explorer's zone restrictions to make it
possible to execute ActiveX controls and then spawns a hidden instance
of Internet Explorer pointed at a URL that the attacker controls (which
is expected to have an embedded ActiveX control).  Please read through
the documentation at http://www.uninformed.org/?v=1&a=3&t=sumry for more
information.