Bugtraq mailing list archives

Re: Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities' list)


From: "Deus, Attonbitus" <Thor () HammerofGod com>
Date: Thu, 25 Apr 2002 08:32:34 -0700


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 01:51 AM 4/25/2002, 3APA3A wrote:
Dear Menashe Eliezer,

Sorry for asking, but it's unclear from the advisory: is it possible to
access reports with either:

1. ActiveX element marked safe for scripting
2. Javascript or VBscript from "Internet" security zone

Not only would the "active content" object have to meet those criteria, but 
the script would also have to be able to discern the currently logged on 
user in order to see where to look in the "Documents and Settings" 
tree.  So, now it boils down to opening an attachment or running a trojan 
or blah, blah, blah.

Microsoft's response hit the bulls-eye for this non-existent "exploit."

AD



-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA/AwUBPMghkohsmyD15h5gEQIS8QCeP7KGUXpBaoIjSANa+rlv+GsJg/0AoIxy
W12BsxCwT3/WeJgv7ZiT5Xt2
=0STl
-----END PGP SIGNATURE-----

