Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

fulldisclosure logo Full Disclosure mailing list archives

RE: ADODB.Stream object
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Tue, 26 Aug 2003 12:46:41 -0400
Hi,

  >>> HTML files, regardless of security zone, should not in 
  >>> themselves be allowed to write to the local file system or 
  >>> execute arbitrary commands. This is precisely
  >>> the purpose of HTML Applications (HTA).

Agreed.  However, I would go one step further.  I don't think that the
typical user has a need for HTML Applications and Windows Scripting
Host.  Both of these features along with their associated ActiveX
controls should be disabled by default in Windows XP.  They make writing
malware too easy.  

Richard

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]