Full Disclosure: Re: ADODB.Stream object

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Re: ADODB.Stream object

From: "Thor Larholm" <lists.netsys.com () jscript dk>
Date: Tue, 26 Aug 2003 20:42:19 +0200

From: "Richard M. Smith" <rms () computerbytesman com>
Agreed.  However, I would go one step further.  I don't think that the
typical user has a need for HTML Applications and Windows Scripting
Host.  Both of these features along with their associated ActiveX
controls should be disabled by default in Windows XP.  They make writing
malware too easy.


HTML Applications and the Windows Scripting Host both run on the same level as
ordinary executables, and opening them is no different than opening EXE files.
Neither are accessible from HTML.

ActiveX is, though.



Regards
Thor Larholm
PivX Solutions, LLC - Senior Security Researcher

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

By Date By Thread

Current thread:

ADODB.Stream object jelmer (Aug 26)
- Re: ADODB.Stream object Thor Larholm (Aug 26)
  - RE: ADODB.Stream object Richard M. Smith (Aug 26)
    - Re: ADODB.Stream object Thor Larholm (Aug 26)
    - RE: ADODB.Stream object Richard M. Smith (Aug 26)
    - Re: ADODB.Stream object Stephen Clowater (Aug 26)
    - RE: ADODB.Stream object Nick FitzGerald (Aug 26)
- Re: ADODB.Stream object Nick FitzGerald (Aug 26)
  - Re: ADODB.Stream object jelmer (Aug 27)