Metasploit mailing list archives
PassiveX DLL restrictions
From: mmiller at hick.org (mmiller at hick.org)
Date: Mon, 13 Mar 2006 08:54:47 -0600
On Mon, Mar 13, 2006 at 12:40:58AM -0800, Ben Heinkel wrote:
Which version of Itnernet Explorer are you using (and on what platform)? The PassiveX payload is designed to enable the download and execution of untrusted ActiveX controls such that this specific scenario doesn't happen, so the fact that you're getting this error means that it isn't working quite right :) We aware of issues with it on versions of Internet Explorer prior to 6.0, but have not heard of issues outside of this specific case.Thanks for the response. Using IE 6.0.2 on XP SP2, going to try connecting from a few other systems this afternoon. Have used default settings for passivex payload, except for hostname which was required. Any ideas what could be going wrong ?
Nothing jumps out at me. The best thing to do would be to launch the exploit and check to see what the following registry values are set to: Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Values: 1004, 1200, 1201, 1001 If I recall correctly, they should all be set to zero. If they are not being set to zero, then that would explain why it's failing in the way that it is. Let us know what the values are set to if they are non-zero.
Current thread:
- PassiveX DLL restrictions Ben Heinkel (Mar 12)
- PassiveX DLL restrictions mmiller at hick.org (Mar 12)
- PassiveX DLL restrictions Ben Heinkel (Mar 13)
- PassiveX DLL restrictions mmiller at hick.org (Mar 13)
- PassiveX DLL restrictions Ben Heinkel (Mar 16)
- PassiveX DLL restrictions Ben Heinkel (Mar 13)
- PassiveX DLL restrictions mmiller at hick.org (Mar 12)