Bugtraq mailing list archives
FW: IE 5 and Access 2000 vulnerability - executing programs
From: jjohanss () BU EDU (Jesper M. Johansson)
Date: Wed, 28 Jun 2000 08:20:31 -0400
Sorry Georgi, but I get warnings and errors from your example. The first of which is: "You don't have a source code control program (such as Microsoft Visual SourceSafe) installed on your machine.
I can't replicate that. I recoded the exploit for WinNT and to take out the warning. I tried it both on a system that has VSS and one that doesn't (but only with my recoded exploit) and it works fine.
Access is trying to start wordpad.exe
This is hard-coded into the exploit. I just recoded it and took that out. Works like a charm!
which (when I click ok) returns an error : "Invalid procedure call or
argument". It should say "file not found." Again, yes, the sample is specifically designed for Win98. Wordpad does not exist in that location on NT 4 or 5. However, after I recoded the exploit to work on Winnt, it works silently, and without needing VSS installed. This is REALLY dangerous. I also discovered a serious problem here. I have IE set to prompt on running ActiveX controls. It does prompt me; but not until AFTER it already downloaded and opened the Access database. Even disabling ActiveX controls altogether does not solve this! Disabling Active Scripting does not help either. Let me put this another way: there appears to be no way to use the security settings in IE to guard against this problem! Jesper M. Johansson
Current thread:
- IE 5 and Access 2000 vulnerability - executing programs Georgi Guninski (Jun 27)
- <Possible follow-ups>
- Re: IE 5 and Access 2000 vulnerability - executing programs Paul Rogers (Jun 28)
- FW: IE 5 and Access 2000 vulnerability - executing programs Jesper M. Johansson (Jun 28)