Bugtraq mailing list archives
Re: Active X exploit.
From: paulle () MICROSOFT COM (Paul Leach)
Date: Tue, 26 Aug 1997 16:55:47 -0700
What ActiveX doesn't have is a sandbox. That's different than saying that there's no security. ActiveX controls are _signed_ DLLs. You run the code if you trust the signer. If you do, you know that no one has tampered with the code since the signer signed it. That's more secure than what I buy at the store.
---------- From: Andreas Bogk[SMTP:andreas () ARTCOM DE] Reply To: Andreas Bogk Sent: Tuesday, August 26, 1997 3:40 PM To: BUGTRAQ () NETSPACE ORG Subject: Re: Active X exploit."Peter" == Peter Shipley <shipley () DIS ORG> writes:Peter> There is a new expliot for active X Peter> http://www.network-security.com/activex/ This exploit is not new, a similiar program has been around on http://www.thur.de/home/steffen/activex/index_e.html since march. And the principle is the same on all ActiveX exploits. There simply is no security, ActiveX controls are simple DLLs. Andreas -- Never underestimate the value of fprintf() for debugging purposes.
Current thread:
- Re: Active X exploit. Andreas Bogk (Aug 26)
- <Possible follow-ups>
- Re: Active X exploit. Paul Leach (Aug 26)
- Re: Active X exploit. Casper Dik (Aug 27)
- Re: Active X exploit. David Holland (Aug 27)
- Re: Active X exploit. Alan Cox (Aug 27)
- Re: Active X exploit. Lutz Donnerhacke (Aug 27)
- Re: Active X exploit. Paul Leach (Aug 27)
- Re: Active X exploit. Erik Tornstam (Aug 28)
- Re: Active X exploit. Frank Kargl (Aug 28)