[VIM] fyi Milw0rm ActiveX controls insecure methods by t0pP8uZz
Steven M. Christey
coley at linus.mitre.org
Fri May 9 16:06:17 UTC 2008
On Fri, 9 May 2008, Rob Keith wrote:
> Hey, not sure if other VDBs discount these ActiveX controls when they
> aren't marked safe for scripting?
Thanks for bringing this up. I must admit to accidentally assuming that
safe-for-scripting was required :)
FYI this looks like a good post from Microsoft:
http://blogs.technet.com/swi/archive/2008/02/03/activex-controls.aspx
One question becomes, what steps did the researcher take to enable and
exploit these controls in the first place? Is there still a chance where
a user might activate the control somehow?
- Steve
More information about the VIM
mailing list