RE: [Full-Disclosure] Microsoft MCWNDX.OCX ActiveX buffer overflow
From: "Jason Coombs" <jasonc () science org>
Date: Wed, 13 Aug 2003 09:36:25 -1000
What about pointing the OBJECT tag codebase to a known, or probable, location
on the victim's own hard drive?
does, so a local codebase reference should work as a technique to silently
activate any Microsoft-signed ActiveX control.
But I could be mistaken, this is commentary from memory not experimental
I'd much rather spend my time conducting security audits of Linux and trying
to help those companies threatened by SCO's copyright claims defend themselves
jasonc () science org
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com]On Behalf Of Thor Larholm
Sent: Wednesday, August 13, 2003 8:22 AM
To: Tri Huynh; bugtraq () securityfocus com
Cc: full-disclosure () lists netsys com
Subject: Re: [Full-Disclosure] Microsoft MCWNDX.OCX ActiveX buffer
The MCWNDX.OCX binary is digitally signed by Microsoft, and as such you can
plant it on the user's machine just by pointing the codebase attribute of your
OBJECT tag to an archived copy of the file on your own server.
This also applies to other outdated ActiveX controls; even when a newer
(patched) version exists and is installed on the user's machine, you can still
re-introduce the old, buggy version since it is digitally signed by Microsoft.
PivX Solutions, LLC - Senior Security Researcher
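
Both variants discussed in this thread (a codebase on a remote server, and a codebase on the local disk) are visible in the page markup, so a content filter can flag them. The following Python check is an added example, not part of either message; the extension list, the placeholder CLSID and paths, and the function names are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: file extensions commonly used to package an ActiveX control.
CONTROL_EXTS = (".ocx", ".cab", ".dll")
DRIVE_PATH = re.compile(r"^[a-zA-Z]:[\\/]")  # C:\... or C:/...


def classify_codebase(value):
    """Return 'local', 'remote-binary' or None for an OBJECT codebase value."""
    # Drop the optional "#version=a,b,c,d" suffix before inspecting the path.
    target = value.strip().split("#", 1)[0]
    if DRIVE_PATH.match(target):
        return "local"
    parsed = urlparse(target)
    if parsed.scheme.lower() == "file":
        return "local"
    if parsed.path.lower().endswith(CONTROL_EXTS):
        return "remote-binary"
    return None


class ObjectCodebaseScanner(HTMLParser):
    """Collects (kind, classid, codebase) for every suspicious OBJECT tag."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag != "object":
            return
        attrs = dict(attrs)
        codebase = attrs.get("codebase")
        kind = classify_codebase(codebase) if codebase else None
        if kind:
            self.findings.append((kind, attrs.get("classid") or "", codebase))


def scan(html):
    scanner = ObjectCodebaseScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample markup: placeholder CLSID, host and local paths.
SAMPLE = r'''
<object classid="clsid:00000000-0000-0000-0000-000000000000"
        codebase="http://archive.example/old/MCWNDX.OCX#version=1,0,0,0"></object>
<OBJECT CLASSID="clsid:00000000-0000-0000-0000-000000000000"
        CODEBASE="file:///C:/PLACEHOLDER/control.ocx"></OBJECT>
<object codebase="C:\PLACEHOLDER\control.ocx"></object>
<object data="movie.swf" type="application/x-shockwave-flash"></object>
'''

if __name__ == "__main__":
    for kind, classid, codebase in scan(SAMPLE):
        print(kind, classid or "(no classid)", codebase)
```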