Re: ActiveX

From: Dave Killion (dave.killion@gmail.com)
Date: Mon Aug 29 2005 - 13:15:01 EDT

• Next message: Wil.Allsopp@ins.com: "RE: ActiveX"
• Previous message: Andres Molinetti: "Re: ActiveX"
• In reply to: Andres Molinetti: "Re: ActiveX"
• Next in thread: Wil.Allsopp@ins.com: "RE: ActiveX"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Here's an ActiveX control vulnerability:

http://secunia.com/advisories/13578/
http://securitytracker.com/alerts/2004/Dec/1012626.html

(Both links refer to the same issue)

Basically, a malicious website using an ActiveX control created by
Windows Media Player can, without any warning, verify the existence of
arbitrary files on a target machine, and in the case of WMA files,
change their contents.

No pop-ups, no 'ActiveX Installation' warnings - it just does it.

This is a realitively benign example - there are others that are much
more nasty - but this should suffice for a customer demonstration.

Enjoy,

-- 
Dave Killion, CISSP
Contributing Author, Configuring NetScreen Firewalls

• Next message: Wil.Allsopp@ins.com: "RE: ActiveX"
• Previous message: Andres Molinetti: "Re: ActiveX"
• In reply to: Andres Molinetti: "Re: ActiveX"
• Next in thread: Wil.Allsopp@ins.com: "RE: ActiveX"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:47 EDT