[2601] in WWW Security List Archive
Re: ActiveX security hole reported.
daemon@ATHENA.MIT.EDU (Joe Shamblin)
Tue Aug 13 09:29:37 1996
Date: Tue, 13 Aug 1996 07:36:26 -0400 (EDT)
From: Joe Shamblin <wjs@cs.duke.edu>
To: davidg@ctt.bellcore.com
cc: www-security@ns2.rutgers.edu, David Gonzalez <davidg@ctt.bellcore.com>
In-Reply-To: <9608122036.AA09552@montana.ctt.bellcore.com>
Errors-To: owner-www-security@ns2.rutgers.edu
On Mon, 12 Aug 1996 davidg@ctt.bellcore.com wrote:
> On the other hand, when I did this a second time, I did not get the
> first dialog box (the one about lacking signature). I did get two boxes
> very similar to the one about safe execute.
Remember the caveat on his page, or at least what should be taken as a
caveat:
Exploder, Fred's non-violent demonstration of Active X.
^^^^^^^^^^^
This is a mere example of the problems associated with the program. It
appears to have MUCH more power at the OS level than it should.
Joe
Joe Shamblin wjs@cs.duke.edu
Systems Administrator Department of Computer Science
660-6582 Duke University
