Vulnerability Development mailing list archives
Re: Rather large MSIE-hole
From: Slow2Show <sl2sho () yahoo com>
Date: 15 Mar 2002 00:04:20 -0000
In-Reply-To: <3C911CA2.90409 () snosoft com>
Another thought... will this bug run an executable from a web page? If so you could just make your own binary to do whatever you wanted. Like http://mysiteathome.com/malware.exe or something along those lines. I would HOPE that it asks to save the file to disk or even better ignore it all together.
tested on XPPro, IE6 latest patches here are my original ActiveX medium settings:: dl signed activex=prompt dl unsigned activex=disable init & script unsafe controls=disable run activeX=enable init & script safe controls=enable if you use 'http://mysiteathome.com/malware.exe' you get an error stating 'your current security settings prohibit running activex...etc.' if you use 'www.mysiteathome.com/malware.exe' it just doesn't work period I then changed to these low settings:: dl signed activex=enable dl unsigned activex=prompt init & script unsafe controls=prompt run activeX=enable init & script safe controls=enable and I was then prompted if I would like to install and run the exe file so that is good...even on the lowest security setting it doesn't work BUT...if you change dl unsigned activex=enable then IE6 will run code from another webserver on the local machine!!!! lata, -Slow2Show- University of Florida
Current thread:
- RE: Rather large MSIE-hole, (continued)
- RE: Rather large MSIE-hole Ryan Sweat (Mar 14)
- Re: Rather large MSIE-hole Keegan (Mar 14)
- RE: Rather large MSIE-hole Ryan Sweat (Mar 14)
- Re: Rather large MSIE-hole Eric V Brown (Mar 14)
- RE: Rather large MSIE-hole Wall, Kevin (Mar 14)
- Re: Rather large MSIE-hole Paul D. Campbell (Mar 14)
- Re: Rather large MSIE-hole KF (Mar 14)
- Re: Rather large MSIE-hole jon schatz (Mar 14)
- RE: Rather large MSIE-hole Chad Thunberg (Mar 15)
- Re: Rather large MSIE-hole Joerg Over (Mar 15)
- Re: Rather large MSIE-hole KF (Mar 14)
- Re: Rather large MSIE-hole Slow2Show (Mar 14)
- Re: Rather large MSIE-hole Slow2Show (Mar 14)
- RE: Rather large MSIE-hole John Swensson (Mar 14)
- Re: Rather large MSIE-hole NoCoNFLiC (Mar 15)
- Re: Rather large MSIE-hole The Blueberry (Mar 14)
- RE: Rather large MSIE-hole Keith Tyler (Mar 15)
- Re: Rather large MSIE-hole Slow2Show (Mar 15)
- RE: Rather large MSIE-hole Tiago Halm (Mar 16)