[VIM] fyi Milw0rm ActiveX controls insecure methods by t0pP8uZz
str0ke
str0ke at milw0rm.com
Fri May 9 16:13:38 UTC 2008
Steven M. Christey wrote:
> On Fri, 9 May 2008, Rob Keith wrote:
>
>
>> Hey, not sure if other VDBs discount these ActiveX controls when they
>> aren't marked safe for scripting?
>>
>
> Thanks for bringing this up. I must admit to accidentally assuming that
> safe-for-scripting was required :)
>
Yep thanks Rob.
> FYI this looks like a good post from Microsoft:
>
> http://blogs.technet.com/swi/archive/2008/02/03/activex-controls.aspx
>
> One question becomes, what steps did the researcher take to enable and
> exploit these controls in the first place? Is there still a chance where
> a user might activate the control somehow?
>
>
The researcher stated that Rob was correct and that he had IE mis
configured on his end.
/str0ke
More information about the VIM
mailing list