|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: ActiveX
From: Dave Killion (dave.killion
gmail.com)
Date: Mon Aug 29 2005 - 12:15:01 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Here's an ActiveX control vulnerability:
http://secunia.com/advisories/13578/
http://securitytracker.com/alerts/2004/Dec/1012626.html
(Both links refer to the same issue)
Basically, a malicious website using an ActiveX control created by
Windows Media Player can, without any warning, verify the existence of
arbitrary files on a target machine, and in the case of WMA files,
change their contents.
No pop-ups, no 'ActiveX Installation' warnings - it just does it.
This is a realitively benign example - there are others that are much
more nasty - but this should suffice for a customer demonstration.
Enjoy,
--
Dave Killion, CISSP
Contributing Author, Configuring NetScreen Firewalls
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]