In-Reply-To: <2BCDE6B615475647A66D907BC0AFAF3F02A95B@RC-EXCH01.integres.local>

>well if activex is enabled,
>doing this with an available readable by everyone
>windows share works

john,

my testing at home (please verify) shows that getting an exe via file sharing and remote web server follow the same behavior outlined below:

-with security settings set to medium you get an error prompt....no code is executed on "victim" box
-with security settings set to low you get a choice box (yes/no)....code CAN be executed on "victim" box
-the only way a user could set themselves up to be vulnerable to this hole is if their "Run Unsigned ActiveX controls" option is set to "enable"....this has to be manually done (or reg)

Barring any social engineering that gets them to turn down their security settings, I think most users are safe for now.

all of these unpatched IE6 holes are outrageous....come on MS please put out a patch!

lata,
-Slow2Show-
University of Florida

"getting an internship in today's economy is like getting a chiapet to grow without adding the seeds....it just won't happen"

This archive was generated by hypermail 2b30 : Fri Mar 15 2002 - 08:06:33 PST