Bugtraq mailing list archives

Re: IE execution of arbitrary commands without Active Scripting or ActiveX (GM#001-IE)
From: "Peter Wu" <peterwu () hotmail com>
Date: Sat, 2 Mar 2002 11:57:41 +0800

Additionally, you cannot pass a parameter to the executable launched.

----- Original Message -----
From: "Stefan Osterlitz" <stefan () osterlitz de>
To: "GreyMagic Software" <security () greymagic com>
Cc: "BUGTRAQ () SECURITYFOCUS  COM" <BUGTRAQ () securityfocus com>
Sent: Friday, March 01, 2002 7:01 PM
Subject: Re: IE execution of arbitrary commands without Active Scripting or ActiveX (GM#001-IE)


Solution:
=========

There is no configuration-tweaking workaround for this bug, it will work as
long as the browser parses HTML. The only possible solution must come in the
form of a patch from Microsoft.

IMHO this is wrong. You can disable the download of signed / unsigned
ActiveX controls.
My IE version 5.00.2614.3500 w/patches is not vulnerable with that setting.



Tested on:
==========

IE5.5sp2 Win98, all patches, Active scripting and ActiveX disabled.
IE5.5sp2 NT4 sp6a, all patches, Active scripting and ActiveX disabled.
IE6sp1 Win2000 sp2, all patches, Active scripting and ActiveX disabled.
IE6sp1 WinXP, all patches, Active scripting and ActiveX disabled.





