[5186] in bugtraq
Active X exploit.
daemon@ATHENA.MIT.EDU (Peter Shipley)
Tue Aug 26 17:36:22 1997
Date: Mon, 25 Aug 1997 15:14:22 -0700
Reply-To: Peter Shipley <shipley@DIS.ORG>
From: Peter Shipley <shipley@DIS.ORG>
To: BUGTRAQ@NETSPACE.ORG
There is a new expliot for active X
http://www.network-security.com/activex/
http://www.dis.org/maglite/
This is a very interesting hole since this is the first time that
someone actually published the source code for examination. The
code was stolen by maglite from a recent 2600 meeting from the
author, a dude named Toby . But the attack is very interesting in
the sense that allows you to turn off the security restrictins of
Internut Explainer 3.2 using activeX just by connecting to a WWW
page.
Check it out. It is bundled with the getadmin stuph published by
the Russian named Sokolov (?)
-Pete
