Re: IE execution of arbitrary commands without Active Scripting or ActiveX (GM#001-IE)

From: Stefan Osterlitz (stefanat_private)
Date: Fri Mar 01 2002 - 03:01:49 PST


    > Solution:
    > =========
    
    > There is no configuration-tweaking workaround for this bug, it will work as
    > long as the browser parses HTML. The only possible solution must come in the
    > form of a patch from Microsoft.
    
    IMHO this is wrong. You can disable the download of signed / unsigned
    ActiveX controls.
    My IE version 5.00.2614.3500 w/patches is not vulnerable with that setting.
    
    
    
    > Tested on:
    > ==========
    
    > IE5.5sp2 Win98, all patches, Active scripting and ActiveX disabled.
    > IE5.5sp2 NT4 sp6a, all patches, Active scripting and ActiveX disabled.
    > IE6sp1 Win2000 sp2, all patches, Active scripting and ActiveX disabled.
    > IE6sp1 WinXP, all patches, Active scripting and ActiveX disabled.
    


