Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: ActiveX
From: Dave Killion <dave.killion () gmail com>
Date: Mon, 29 Aug 2005 10:15:01 -0700

Here's an ActiveX control vulnerability:

http://secunia.com/advisories/13578/
http://securitytracker.com/alerts/2004/Dec/1012626.html

(Both links refer to the same issue)

Basically, a malicious website using an ActiveX control created by
Windows Media Player can, without any warning, verify the existence of
arbitrary files on a target machine, and in the case of WMA files,
change their contents.

No pop-ups, no 'ActiveX Installation' warnings - it just does it.

This is a realitively benign example - there are others that are much
more nasty - but this should suffice for a customer demonstration.

Enjoy,

-- 
Dave Killion, CISSP
Contributing Author, Configuring NetScreen Firewalls


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]