Not to diminish the importance of Georgi's find, but you can prevent the exploit by changing the default, "Medium" security setting for the Internet Zone, to "High", or simply disabling "Script ActiveX controls marked safe for scripting". As opposed to disabling "Run ActiveX controls or plug-ins" or disabling scripting completely.

Anyone following Richard Smith's finds in scriptable components from Compaq, HP, et al. may already have done this...;-]

It's also worth pointing out that while Georgi's page nicely disclaims all liabilities, etc..., it exploits you before you get a chance to read that...;-] (Well, actually it exploits you if your systemroot is "\windows", otherwise it generates a script error).

I'm pretty sure you could use the environment variable "%systemroot%" in place of any instances of a hard coded directory name. I think it would be interpreted correctly by the client.

Cheers,
Russ - NTBugtraq Editor
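The following is an added example, not part of the original post: a PowerShell audit of the setting named above. It assumes the Internet Zone is stored as zone 3 under the `Internet Settings\Zones` registry key and that URL action `1405` is "Script ActiveX controls marked safe for scripting" (0 = Enable, 1 = Prompt, 3 = Disable); the function name `Get-ZoneAction` is made up for this example.

```powershell
# Added example: report how "Script ActiveX controls marked safe for scripting"
# (URL action 1405) is configured for the Internet Zone (zone 3).
$zoneSubKey   = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$policySubKey = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$action       = '1405'
$meaning      = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Policy keys are listed first; where present they take precedence over preferences.
$locations = [ordered]@{
    'Machine policy'     = "HKLM:\$policySubKey"
    'User policy'        = "HKCU:\$policySubKey"
    'Machine preference' = "HKLM:\$zoneSubKey"
    'User preference'    = "HKCU:\$zoneSubKey"
}

function Get-ZoneAction {
    # Hypothetical helper: returns the DWORD value, or $null when it is not set.
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

$results = foreach ($entry in $locations.GetEnumerator()) {
    $value = Get-ZoneAction -Path $entry.Value -Name $action
    [pscustomobject]@{
        Source  = $entry.Key
        Value   = $value
        Setting = if ($null -eq $value) { 'not set' }
                  elseif ($meaning.ContainsKey($value)) { $meaning[$value] }
                  else { 'unknown' }
    }
}
$results | Format-Table -AutoSize

# Flag every location where the action is configured but not disabled.
$weak = @($results | Where-Object { $null -ne $_.Value -and $_.Value -ne 3 })
if ($weak.Count -gt 0) {
    Write-Warning ("Action $action is not disabled in: " + ($weak.Source -join ', '))
} else {
    Write-Output "Action $action is disabled or unset in every location checked."
}

# To disable it for the current user (uncomment to apply):
# Set-ItemProperty -Path "HKCU:\$zoneSubKey" -Name $action -Value 3 -Type DWord
```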
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:58:33 PDT