[2614] in WWW Security List Archive
Re: ActiveX security hole reported.
daemon@ATHENA.MIT.EDU (Ray W. Hiltbrand)
Wed Aug 14 17:58:03 1996
Date: Wed, 14 Aug 1996 14:12:36 -0500
From: "Ray W. Hiltbrand" <Ray.W.Hiltbrand@Eng.Auburn.EDU>
To: Gary Meltzer <garym@softshore.com.au>
CC: Stephen Cobb <stephen@iu.net>, trei@process.com,
www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
The difference is the page may say turn off your computer
but the active X "program" may be advertised itself
as something else such the next killer program or
somethings along those lines.
Gary Meltzer wrote:
>
> On Tue, 13 Aug 1996 17:57:52 -0400, stephen@iu.net wrote:
>
> >>Some guy has written an ActiveX control which crashes windoze95... I don't
> >>use windoze so can't try it, but if someone else is brave, I'd love to know
> >>if it works...
> >>
> >
> >Yes, it works, turns off the machine...quite impressive.
>
> Which part do people find the most impressive? -
> that the Win95 shutdown API works as documented
> or that all these security experts are downloading and running
> software designed to do something they don't want?
>
> How does this control differ from an HTML page that tells
> readers to turn the power switch off?
>
> - G.
--
Ray W. Hiltbrand Ray.W.Hiltbrand@eng.auburn.edu
Engineering Network Services
Auburn University http://www.eng.auburn.edu/~rayh/rayh.html
If it doesn't do what you want, subclass and override.
