mailing list archives
From: Dave Killion <dave.killion () gmail com>
Date: Mon, 29 Aug 2005 10:15:01 -0700
Here's an ActiveX control vulnerability:
(Both links refer to the same issue)
Basically, a malicious website using an ActiveX control created by
Windows Media Player can, without any warning, verify the existence of
arbitrary files on a target machine, and in the case of WMA files,
change their contents.
No pop-ups, no 'ActiveX Installation' warnings - it just does it.
This is a realitively benign example - there are others that are much
more nasty - but this should suffice for a customer demonstration.
Dave Killion, CISSP
Contributing Author, Configuring NetScreen Firewalls