activex questions
From: JoshB (metrix007@yahoo.com)
Date: 04/10/03
- Next message: Keith Pratt: "Re: End of all Open Source."
- Previous message: Jem Berkes: "Decoding of non-ASCII in headers, security issues?"
- Next in thread: sponge: "Re: activex questions"
- Reply: sponge: "Re: activex questions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: metrix007@yahoo.com (JoshB) Date: 10 Apr 2003 07:22:30 -0700
HI,
I have been researching this, and there are some things that are not
clear.
By default, is it possible for hostile active code to execute without
user interaction, not including vulnerabilities?
What exactly is activex scripting capable of, I notice it is suggested
to enable it, and it is enabled by default.
ACtivex has complete control of target system?
Is it possible to "spoof" activex controls, so if one purports to be
from a trusted corp, ie ms, it will automaticly run without user
interaction?
Are there any examples of pages that can automaticly run code, install
spyware etc without user interaction, and without taking advantaged of
vulnerabilities?
I had assumed the above was possible, and a *lot* of people do,
however I am unable to find evidence of this..
Thanks for any explanations.
- Next message: Keith Pratt: "Re: End of all Open Source."
- Previous message: Jem Berkes: "Decoding of non-ASCII in headers, security issues?"
- Next in thread: sponge: "Re: activex questions"
- Reply: sponge: "Re: activex questions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
