HTASploit
From: Larry Seltzer (larry_at_larryseltzer.com)
Date: 07/30/03
- Previous message: Henry, Christopher M.: "IAS as a RADIUS server"
- In reply to: Davis, Matt: "RE: ISA Server and Win2k3 standard OS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <focus-ms@securityfocus.com>
Date: Tue, 29 Jul 2003 21:27:54 -0400
An IE exploit is alleged at http://www.spywareinfo.com/articles/htasploit/ "that allows
trojans and other malicious software to be introduced onto a machine via Internet
Explorer despite security settings."
I won't bother repeating all the details here, but wonder: If the exploit presumes that
a malicious ActiveX control runs on the system and executes MSHTA.EXE from the Windows
folder, what is the point of the HTA stuff? Once you get a malicious ActiveX control on
the system anything's possible. Am I wrong?
Larry Seltzer
Editor
Ziff Davis Security SuperSite
http://security.ziffdavis.com/
larryseltzer@ziffdavis.com