[11521] in bugtraq
Re: IE 5.0 allows executing programs
daemon@ATHENA.MIT.EDU (Russ)
Thu Aug 26 07:22:20 1999
Mime-Version: 1.0
Content-Type: text/plain
Message-Id: <61143C10CC8AD211A2F10000F878E6830D572F@ns.rc.on.ca>
Date: Tue, 24 Aug 1999 18:53:57 -0400
Reply-To: Russ <Russ.Cooper@RC.ON.CA>
From: Russ <Russ.Cooper@RC.ON.CA>
X-To: Georgi Guninski <joro@NAT.BG>, BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM

Not to diminish the importance of Georgi's find, but you can prevent the
exploit by changing the default, "Medium" security setting for the
Internet Zone, to "High", or simply disabling "Script ActiveX controls
marked safe for scripting". As opposed to disabling "Run ActiveX
controls or plug-ins" or disabling scripting completely.

Anyone following Richard Smith's finds in scriptable components from
Compaq, HP, et al may already have done this...;-]

It's also worth pointing out that while Georgi's page nicely disclaims all
liabilities, etc... it exploits you before you get a chance to read
that...;-] (Well, actually it exploits you if your systemroot is
"\windows", otherwise it generates a script error). I'm pretty sure you
could use the environment variable "%systemroot%" in place of any
instances of a hard-coded directory name. I think it would be
interpreted correctly by the client.

Cheers,
Russ - NTBugtraq Editor
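
An added example, not part of the original message: a Python check that reads the text of a registry export and reports whether the Internet Zone settings named above are in the mitigated state. The registry key path, the URL-action numbers (1200, 1400, 1405), the state and level codes, and the sample export are assumptions supplied for this example; none of them come from the post.

```python
import re

# Assumption (not from the post): Internet Explorer keeps per-zone settings under
# ...\Internet Settings\Zones\<n>, and zone 3 is the Internet Zone.
ZONE3 = r"\Internet Settings\Zones\3"
ACTIONS = {  # URL-action value name -> label in the security settings dialog
    "1200": "Run ActiveX controls and plug-ins",
    "1405": "Script ActiveX controls marked safe for scripting",
    "1400": "Active scripting",
}
STATES = {0: "enabled", 1: "prompt", 3: "disabled"}
LEVELS = {0x12000: "High", 0x11000: "Medium", 0x10500: "Medium-low",
          0x10000: "Low", 0: "Custom"}

def parse_zone3(reg_text):
    """Return {value_name: int} for the Internet Zone key in a .reg export."""
    values, in_zone = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            # Track which key the following value lines belong to.
            in_zone = line.rstrip("]").lower().endswith(ZONE3.lower())
        elif in_zone:
            m = re.match(r'"([^"]+)"=dword:([0-9a-fA-F]{8})$', line)
            if m:
                values[m.group(1)] = int(m.group(2), 16)
    return values

def audit(reg_text):
    """Report each relevant setting and whether safe-for-scripting use is blocked."""
    v = parse_zone3(reg_text)
    report = {label: STATES.get(v.get(name), "unknown")
              for name, label in ACTIONS.items()}
    report["Level"] = LEVELS.get(v.get("CurrentLevel"), "unknown")
    # Blocked when 1405 is disabled, or when ActiveX or scripting is off entirely.
    report["mitigated"] = any(v.get(name) == 3 for name in ACTIONS)
    return report

# Constructed sample: Medium level with only action 1405 switched to disabled.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"CurrentLevel"=dword:00011000
"1200"=dword:00000000
"1400"=dword:00000000
"1405"=dword:00000003
'''

if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(f"{key}: {value}")
```

Registry exports are normally written as UTF-16, so decode the file before passing its text to `audit`. The check covers only the per-user key; machine-wide policy settings, where present, are not read.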