-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 01:51 AM 4/25/2002, 3APA3A wrote: >Dear Menashe Eliezer, > >Sorry for asking, but it's unclear from advisory: is it possible to >access reports with either: > >1. ActiveX element marked safe for scripting >2. Javascript or VBscript from "Internet" security zone Not only would the "active content" object have to meet those criteria, but the script would also have to be able to discern the currently logged on user in order to see where to look in the "Documents and Settings" tree. So, now it boils down to opening an attachment or running a trojan or blah, blah, blah. Microsoft's response hit the bulls-eye for this non-existent "exploit." AD -----BEGIN PGP SIGNATURE----- Version: PGP 7.1 iQA/AwUBPMghkohsmyD15h5gEQIS8QCeP7KGUXpBaoIjSANa+rlv+GsJg/0AoIxy W12BsxCwT3/WeJgv7ZiT5Xt2 =0STl -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Thu Apr 25 2002 - 22:27:40 PDT