[32339] in bugtraq


Re: POS#1 Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part

daemon@ATHENA.MIT.EDU (Mike Healan)
Fri Nov 7 18:48:43 2003

Message-ID: <3FAC2750.6090504@spywareinfo.com>
Date: Fri, 07 Nov 2003 18:14:24 -0500
From: Mike Healan <mike@spywareinfo.com>
MIME-Version: 1.0
To: Kurt Seifried <bt@seifried.org>
Cc: bugtraq@securityfocus.com, NTBugtraq@LISTSERV.NTBUGTRAQ.COM
In-Reply-To: <00cb01c3a577$83115bb0$1400000a@bigdog>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Kurt Seifried wrote:

 > If anyone knows a tool for finding out the CLSID of an ActiveX object I
 > would love to know it.

Sorry if this isn't what you're asking. I'm not sure I understood what 
you meant.

HijackThis will enumerate the CLSID associated with any ActiveX control 
found in the Downloaded Program Files folder:
http://www.spywareinfo.com/~merijn/files/hijackthis.zip

Example:
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - 
http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - 
http://a840.g.akamai.net/7/840/537/2003031901/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {78960E0E-0B0C-11D4-8997-00104BD12D94} (AV Class) - 
http://www.pcpitstop.com/antivirus/PCPAV.CAB
O16 - DPF: {79B96C72-C0D0-4DC8-BC7E-9F314A918228} - 
http://imgfarm.com/images/nocache/myspeedbar/myinitialsetup1.0.0.3.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - 
http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - 
http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37875.0377662037
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime 
Environment 1.4.1_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime 
Environment 1.4.1_02) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash 
Object) - 
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F798683C-FE05-436C-B0FF-35B9122E9787} - 
http://www.m-w.com/tools/toolbar/cabs/m-w.cab
O16 - DPF: {F8F88D0D-E455-11D6-B547-00400555C7FB} (DiskHealth2 Class) - 
http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB



-- 
Mike Healan
http://www.spywareinfo.com
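
A small parser for the `O16 - DPF` lines shown in the message above, added here as an illustration and not part of the original post or of HijackThis: it rejoins entries that the mail client wrapped and extracts the CLSID, friendly name and codebase URL of each control. The function names, the section-prefix pattern and the final sample line are assumptions made for this example.

```python
import re
from urllib.parse import urlparse

# Assumption: every log entry starts with a section tag such as "O16 - " or "R1 - ".
SECTION = re.compile(r"^[A-Z]\d+ - ")
# O16 entry layout as seen in the post: {CLSID} (optional name) - optional URL
ENTRY = re.compile(
    r"^O16 - DPF: \{(?P<clsid>[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}"
    r"(?: \((?P<name>.*?)\))? -(?: (?P<url>\S+))?$"
)

# Three entries copied from the post with its line wrapping kept,
# plus one constructed line from another section that must be ignored.
SAMPLE = """\
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -
http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {79B96C72-C0D0-4DC8-BC7E-9F314A918228} -
http://imgfarm.com/images/nocache/myspeedbar/myinitialsetup1.0.0.3.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime
Environment 1.4.1_01) -
O18 - constructed line from another section, ignored
"""

def unwrap(text):
    """Rejoin wrapped entries and return only the O16 ones."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if SECTION.match(line):
            entries.append(line)          # a new entry begins
        elif line and entries:
            entries[-1] += " " + line     # continuation of a wrapped entry
    return [e for e in entries if e.startswith("O16 - DPF:")]

def parse_o16(text):
    """Return one dict per ActiveX control listed under O16."""
    controls = []
    for entry in unwrap(text):
        m = ENTRY.match(entry)
        if m:
            url = m.group("url")
            controls.append({"clsid": m.group("clsid").upper(), "name": m.group("name"),
                             "codebase": url, "host": urlparse(url).hostname if url else None})
    return controls

def unnamed(controls):
    """CLSIDs listed without a friendly name, worth looking up by hand."""
    return [c["clsid"] for c in controls if c["name"] is None]

if __name__ == "__main__":
    for c in parse_o16(SAMPLE):
        print(c["clsid"], c["name"], c["host"])
```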

