[5211] in bugtraq
Re: Active X exploit.
daemon@ATHENA.MIT.EDU (Paul Leach)
Wed Aug 27 19:55:16 1997
Date: Wed, 27 Aug 1997 12:16:06 -0700
Reply-To: Paul Leach <paulle@MICROSOFT.COM>
From: Paul Leach <paulle@MICROSOFT.COM>
X-To: "alan@lxorguk.ukuu.org.uk" <alan@lxorguk.ukuu.org.uk>
To: BUGTRAQ@NETSPACE.ORG
> ----------
> From: alan@lxorguk.ukuu.org.uk[SMTP:alan@lxorguk.ukuu.org.uk]
> Sent: Wednesday, August 27, 1997 1:25 PM
> To: Paul Leach
> Cc: BUGTRAQ@NETSPACE.ORG
> Subject: Re: Active X exploit.
>
> > That's more secure than what I buy at the store.
>
> When sir, was the last time you walked into a store and every time you
> looked at a package it automatically installed itself and ran ?
>
The actual answer: the last time I bought a CD-ROM based package. Take a
look at "autorun.inf" on a CD-ROM.
ActiveX controls from a software vendor only automatically run if you
have previously stated that you are willing to automatically run any
signed code from that software vendor.
Paul
