<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Vulnerability Development: accessing FileSystemObject from within an email message

accessing FileSystemObject from within an email message

From: Shelagh Pepper <spepper_at_WLU.CA>
Date: Thu, 1 Jun 2000 09:02:00 -0400

Please note that the Microsoft patch does not prevent the use of ActiveX controls if the user allows scripts to run and clicks on "Yes" after a warning about unsafe ActiveX controls.

This message will demonstrate the vulnerability for users (Outlook and Outlook express only?) who have the Windows Scripting host installed and enabled, and whose security settings are not optimal.

If your email reader is vulnerable, a window will pop up informing you of the vulnerablity. The script will then create a few files on your hard drive, display the contents, and then delete the files.

Shelagh
Received on Jun 01 2000

This message: [ Message body ]
Next message: Maxime Rousseau: "Re: Outlook/HTML "proggie""
Previous message: Trevor Schroeder: "Re: krb5 1.1.1"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]

edgeos