Sami Kuhmonen wrote: > There is a severe bug in Internet Explorer 5's security system concerning > ActiveX components on web pages. > > If you go to a web page that has an evil ActiveX component (for example, > the component shuts down Windows) and tell IE to run the component, of > course it runs it. After that you know that you do not want to run that > component. But what happens when you go to that page later? IE5 asks > whether you want to run this component or not. Say no, and it still runs > it! I tested this feature on a Win98 box with the strict security setting and could not reproduce this. Except for the repeated requests to install/run the control. Particularly tested was the portion where you say 'no' and it still runs it. Could it be possible that you had already said a prior 'yes' and the control was now cached on your system? Additionally, it has never been a good idea to run a control without the appropriate digital signature. Fl@w The aim is to showcase their fl@w's and not to xpl0it them. - wise 'ol man with a crystal ball and a serpent snake
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:55:01 PDT