('binary' encoding is not supported, stored as-is) In-Reply-To: <3C911CA2.90409at_private> >Another thought... will this bug run an executable >from a web page? If so you could just make your >own binary to do whatever you wanted. Like >http://mysiteathome.com/malware.exe or something >along those lines. I would HOPE that it asks to save >the file to disk or even better ignore it all together. tested on XPPro, IE6 latest patches here are my original ActiveX medium settings:: dl signed activex=prompt dl unsigned activex=disable init & script unsafe controls=disable run activeX=enable init & script safe controls=enable if you use 'http://mysiteathome.com/malware.exe' you get an error stating 'your current security settings prohibit running activex...etc.' if you use 'www.mysiteathome.com/malware.exe' it just doesn't work period I then changed to these low settings:: dl signed activex=enable dl unsigned activex=prompt init & script unsafe controls=prompt run activeX=enable init & script safe controls=enable and I was then prompted if I would like to install and run the exe file so that is good...even on the lowest security setting it doesn't work BUT...if you change dl unsigned activex=enable then IE6 will run code from another webserver on the local machine!!!! lata, -Slow2Show- University of Florida
This archive was generated by hypermail 2b30 : Thu Mar 14 2002 - 22:27:21 PST