ActiveX control download and redirection

From: Martijn Brinkers (m.brinkers_at_pobox.com)
Date: 06/15/04

To: <bugtraq@securityfocus.com>
Date: Tue, 15 Jun 2004 17:17:24 +0200

Hi,

I have been playing around with ActiveX controls and I noticed that IE shows
the complete URL even though the download has been redirected. From a user
perspective it's a bit unclear where the actual ActiveX control is downloaded
from.

An example can be found on (a self-signed ActiveX control will be downloaded):

http://www.brinkers.cistron.nl/RedirectYahoo.htm

It contains the following <OBJECT> tag.

<OBJECT
   classid="clsid:6A9F9438-754D-4D6A-932C-9C28405634F6"
   codebase="http://rds.yahoo.com/*http://www.brinkers.cistron.nl/RedirectTestProj1.cab#version=1,0,0,0"
>

IE now shows a dialog ( http://www.brinkers.cistron.nl/activex.jpg )
indicating the ActiveX control comes from:

http://rds.yahoo.com/*http://www.brinkers.cistron.nl/RedirectTestProj1.cab

but it is actually downloaded from http://www.brinkers.cistron.nl

It's probably the correct behavior (by design) but I think it can be misused
in some ways?

Any comments?

Martijn Brinkers

m.brinkers@pobox.com
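The observation in the post is that the host IE displays in the download dialog (the first host in the codebase URL) need not be the host the CAB actually comes from when the codebase goes through a redirector. The following script, added here as an example and not part of the original post, shows how a defender can scan HTML for <OBJECT> tags and flag any codebase that names more than one host, reporting both the displayed host and the last embedded host. It uses only the Python standard library; the sample HTML is constructed inline and reuses the OBJECT tag from the post, while the second (benign) tag with example.com and an all-zero CLSID is a placeholder. It assumes a redirector carries the real location as a nested absolute URL, either literal (as in the post) or percent-encoded.

```python
"""Flag <OBJECT> codebase URLs whose displayed host differs from the host
the CAB would really be fetched from (redirector-style codebase URLs).

Added example, not code from the original Bugtraq post.
"""
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlparse

# Every place an absolute http(s) URL starts inside the codebase string.
_SCHEME = re.compile(r"https?://", re.IGNORECASE)


class _ObjectTagParser(HTMLParser):
    """Collect (classid, codebase) pairs from every <OBJECT> start tag."""

    def __init__(self):
        super().__init__()
        self.objects = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser already lowercases tag and attribute names.
        if tag == "object":
            a = {k: (v or "") for k, v in attrs}
            self.objects.append((a.get("classid", ""), a.get("codebase", "")))


def download_hosts(codebase):
    """Return the hosts named in a codebase URL, outermost first.

    hosts[0] is what the browser dialog displays; if the URL embeds another
    absolute URL, hosts[-1] is where a redirector would actually send the
    download. The '#version=...' suffix is ignored.
    """
    url = unquote(codebase.split("#", 1)[0])  # also catches %3A%2F%2F nesting
    hosts = []
    for m in _SCHEME.finditer(url):
        host = urlparse(url[m.start():]).hostname
        if host:
            hosts.append(host.lower())
    return hosts


def suspicious_objects(html):
    """Return (classid, displayed_host, real_host) for each <OBJECT> whose
    codebase names more than one distinct host."""
    parser = _ObjectTagParser()
    parser.feed(html)
    findings = []
    for classid, codebase in parser.objects:
        hosts = download_hosts(codebase)
        if len(set(hosts)) > 1:
            findings.append((classid, hosts[0], hosts[-1]))
    return findings


# Constructed sample page: the tag from the post plus a benign placeholder tag.
SAMPLE_HTML = """
<html><body>
<OBJECT
   classid="clsid:6A9F9438-754D-4D6A-932C-9C28405634F6"
   codebase="http://rds.yahoo.com/*http://www.brinkers.cistron.nl/RedirectTestProj1.cab#version=1,0,0,0"
>
</OBJECT>
<OBJECT classid="clsid:00000000-0000-0000-0000-000000000000"
        codebase="http://example.com/Control.cab#version=1,0,0,0"></OBJECT>
</body></html>
"""

if __name__ == "__main__":
    for classid, shown, real in suspicious_objects(SAMPLE_HTML):
        print(f"{classid}: dialog shows {shown}, download really from {real}")
```

Run it as a script to print the one mismatched tag; in practice the same check can be applied to proxied HTML before the browser ever sees it, so the real origin of the control is logged rather than the redirector's name.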

