Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Rather large MSIE-hole

From: Slow2Show <sl2sho () yahoo com>
Date: 15 Mar 2002 00:04:20 -0000

In-Reply-To: <3C911CA2.90409 () snosoft com>


Another thought... will this bug run an executable
from a web page? If so you could just make your
own binary to do whatever you wanted. Like 
http://mysiteathome.com/malware.exe or something
along those lines. I would HOPE that it asks to save
the file to disk or even better ignore it all together.


tested on XPPro, IE6 latest patches
here are my original ActiveX medium settings::
dl signed activex=prompt
dl unsigned activex=disable
init & script unsafe controls=disable
run activeX=enable
init & script safe controls=enable

if you use 'http://mysiteathome.com/malware.exe&apos; 
you get an error stating 'your current security settings 
prohibit running activex...etc.'

if you use 'www.mysiteathome.com/malware.exe' it 
just doesn't work period

I then changed to these low settings::

dl signed activex=enable
dl unsigned activex=prompt
init & script unsafe controls=prompt
run activeX=enable
init & script safe controls=enable

and I was then prompted if I would like to install and 
run the exe file

so that is good...even on the lowest security setting it 
doesn't work BUT...if you change dl unsigned 
activex=enable then IE6 will run code from another 
webserver on the local machine!!!!

lata,

-Slow2Show-
University of Florida
Previous By Date Next
Previous By Thread Next

Current thread: