[24510] in bugtraq
Re: IE execution of arbitrary commands without Active Scripting or ActiveX (GM#001-IE)
daemon@ATHENA.MIT.EDU (Stefan Osterlitz)
Fri Mar 1 22:17:45 2002
Message-ID: <001f01c1c110$7ec59500$8000a8c0@osterlitz.net>
From: "Stefan Osterlitz" <stefan@osterlitz.de>
To: "GreyMagic Software" <security@greymagic.com>
Cc: "BUGTRAQ@SECURITYFOCUS.COM" <BUGTRAQ@securityfocus.com>
Date: Fri, 1 Mar 2002 12:01:49 +0100
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
> Solution:
> =========
> There is no configuration-tweaking workaround for this bug, it will work as
> long as the browser parses HTML. The only possible solution must come in the
> form of a patch from Microsoft.
IMHO this is wrong. You can disable the download of signed / unsigned
ActiveX controls.
My IE version 5.00.2614.3500 w/patches is not vulnerable with that setting.
> Tested on:
> ==========
> IE5.5sp2 Win98, all patches, Active scripting and ActiveX disabled.
> IE5.5sp2 NT4 sp6a, all patches, Active scripting and ActiveX disabled.
> IE6sp1 Win2000 sp2, all patches, Active scripting and ActiveX disabled.
> IE6sp1 WinXP, all patches, Active scripting and ActiveX disabled.
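The setting the reply refers to lives in IE's per-zone security registry keys. The script below is an added example, not part of the bugtraq post or of GreyMagic's advisory: it audits the current user's Internet zone (zone 3) for the two "Download ... ActiveX controls" actions plus the two actions the advisory says were already disabled, and with -Harden sets each to Disable. The value names (1001, 1004, 1200, 1400) and data meanings (0 = Enable, 1 = Prompt, 3 = Disable) are taken from Microsoft's documented zone layout and are an assumption on the part of this example, not something the post states. The post only reports that the download setting blocked the issue on IE 5.00.2614.3500; it does not establish that for the versions in the advisory's test list.

```powershell
# Added example (not from the bugtraq post): audit, and optionally harden,
# the Internet zone's ActiveX settings for the current user.
# Assumed (documented IE zone layout, not stated in the post):
#   Zones\3 = Internet zone
#   1001 = Download signed ActiveX controls
#   1004 = Download unsigned ActiveX controls
#   1200 = Run ActiveX controls and plug-ins
#   1400 = Active scripting
#   data: 0 = Enable, 1 = Prompt, 3 = Disable
param([switch]$Harden)

$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$settings = @{
    '1001' = 'Download signed ActiveX controls'
    '1004' = 'Download unsigned ActiveX controls'
    '1200' = 'Run ActiveX controls and plug-ins'
    '1400' = 'Active scripting'
}
$names = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Returns the DWORD for one zone action, or $null if the value is absent
# (IE then falls back to the zone template default).
function Get-ZoneSetting {
    param([string]$Value)
    $item = Get-ItemProperty -Path $zonePath -Name $Value -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Value
}

foreach ($v in ($settings.Keys | Sort-Object)) {
    $cur = Get-ZoneSetting $v
    $label = if ($null -eq $cur) { 'not set (zone default)' }
             elseif ($names.ContainsKey($cur)) { $names[$cur] }
             else { "unknown ($cur)" }
    Write-Output ("{0} ({1}): {2}" -f $v, $settings[$v], $label)

    # Anything other than 3 (Disable) is reported as weak; -Harden fixes it.
    if ($cur -ne 3) {
        if ($Harden) {
            Set-ItemProperty -Path $zonePath -Name $v -Value 3 -Type DWord
            Write-Output ("  -> {0} set to Disable" -f $v)
        } else {
            Write-Output ("  -> WEAK: {0} is not Disable (run with -Harden)" -f $v)
        }
    }
}
```

Run it without arguments to see the effective values, and with -Harden to apply the change. If the machine enforces zone settings for all users (the Security_HKLM_only policy), the HKLM copy of the same key wins and the HKCU values this script edits are ignored; check that before concluding the workaround is in place.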