<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Full Disclosure: RE: ADODB.Stream object

RE: ADODB.Stream object

From: Richard M. Smith <rms_at_computerbytesman.com>
Date: Tue, 26 Aug 2003 12:46:41 -0400

Hi,

>>> HTML files, regardless of security zone, should not in
>>> themselves be allowed to write to the local file system or
>>> execute arbitrary commands. This is precisely
>>> the purpose of HTML Applications (HTA).

Agreed. However, I would go one step further. I don't think that the
typical user has a need for HTML Applications and Windows Scripting
Host. Both of these features along with their associated ActiveX
controls should be disabled by default in Windows XP. They make writing
malware too easy.

Richard

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Received on Aug 26 2003

This message: [ Message body ]
Next message: Brad Bemis: "RE: CERT Employee Gets Owned"
Previous message: jbarbo1_at_umbc.edu: "Re: towards a taxonomy of Information Assurance (IA)"
In reply to: Thor Larholm: "Re: ADODB.Stream object"
Next in thread: Thor Larholm: "Re: ADODB.Stream object"
Reply: Thor Larholm: "Re: ADODB.Stream object"
Reply: Stephen Clowater: "Re: ADODB.Stream object"
Reply: Nick FitzGerald: "RE: ADODB.Stream object"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]

edgeos