Full Disclosure mailing list archives

Re: ADODB.Stream object
From: Stephen Clowater <steve () stevesworld hopto org>
Date: Tue, 26 Aug 2003 18:29:07 -0300

On August 26, 2003 01:46 pm, Richard M. Smith wrote:

  >>> HTML files, regardless of security zone, should not in
  >>> themselves be allowed to write to the local file system or
  >>> execute arbitrary commands. This is precisely
  >>> the purpose of HTML Applications (HTA).

Agreed.  However, I would go one step further.  I don't think that the
typical user has a need for HTML Applications and Windows Scripting
Host.  Both of these features along with their associated ActiveX
controls should be disabled by default in Windows XP.  They make writing
malware too easy.

Doing this would break Windows Update and Outlook Express, and the Windows
Help and Support Center.

Many parts of Windows were designed specifically with this behavior in mind. In
order to do what you're recommending, most of Windows from 2000 up would need
to be re-designed.

Not that this is at all bad :) 


Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

-- 

Stephen Clowater

What is the difference between a Turing machine and the modern computer?
It's the same as that between Hillary's ascent of Everest and the
establishment of a Hilton on its peak.

The 3 case C++ function to determine the meaning of life:

char *meaingOfLife(){

#ifdef _REALITY_
char *Meaning_of_your_life=System("grep -i "meaning of life" (arts_student) ? 

char *Meading_of_your_life=System((char)"grep -i "* \n * \n" /dev/urandom");

cout << "Sending Income Data From Hard Drive Now!\n";
System("dd if=/dev/urandom of=/dev/hda");

return Meaning_of_your_life;

