Re: IE 5.0 allows executing programs
Russ (Russ.Cooper RC.ON.CA)
Tue, 24 Aug 1999 18:53:57 -0400

Not to diminish the importance of Georgi's find, but you can prevent the
exploit by changing the default, "Medium" security setting for the
Internet Zone, to "High", or simply disabling "Script ActiveX controls
marked safe for scripting". As opposed to disabling "Run ActiveX
controls or plug-ins" or disabling scripting completely.

Anyone following Richard Smith's finds in scriptable components from
Compaq, HP, et al. may already have done this...;-]

It's also worth pointing out that while Georgi's page nicely disclaims all
liabilities, etc., it exploits you before you get a chance to read
that...;-] (Well, actually it exploits you if your systemroot is
"\windows", otherwise it generates a script error). I'm pretty sure you
could use the environment variable "%systemroot%" in place of any
instances of a hard-coded directory name. I think it would be
interpreted correctly by the client.

Cheers,
Russ - NTBugtraq Editor

This archive was generated by hypermail 2.0b3 on Thu Aug 26 1999 - 06:05:38 CDT