Re: ActiveX
From: Dave Killion (dave.killion_at_gmail.com)
Date: 08/29/05
- Previous message: Andres Molinetti: "Re: ActiveX"
- In reply to: Andres Molinetti: "Re: ActiveX"
- Next in thread: Wil.Allsopp_at_ins.com: "RE: ActiveX"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 29 Aug 2005 10:15:01 -0700
To: Andres Molinetti <andymolinetti@hotmail.com>

Here's an ActiveX control vulnerability:
http://secunia.com/advisories/13578/
http://securitytracker.com/alerts/2004/Dec/1012626.html
(Both links refer to the same issue)
Basically, a malicious website using an ActiveX control created by
Windows Media Player can, without any warning, verify the existence of
arbitrary files on a target machine, and in the case of WMA files,
change their contents.
No pop-ups, no 'ActiveX Installation' warnings - it just does it.
This is a relatively benign example - there are others that are much
more nasty - but this should suffice for a customer demonstration.
Enjoy,
--
Dave Killion, CISSP
Contributing Author, Configuring NetScreen Firewalls