|
|
Re: Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities': msg#00378security.bugtraq
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 01:51 AM 4/25/2002, 3APA3A wrote: >Dear Menashe Eliezer, > >Sorry for asking, but it's unclear from advisory: is it possible to >access reports with either: > >1. ActiveX element marked safe for scripting >2. Javascript or VBscript from "Internet" security zone Not only would the "active content" object have to meet those criteria, but the script would also have to be able to discern the currently logged on user in order to see where to look in the "Documents and Settings" tree. So, now it boils down to opening an attachment or running a trojan or blah, blah, blah. Microsoft's response hit the bulls-eye for this non-existent "exploit." AD -----BEGIN PGP SIGNATURE----- Version: PGP 7.1 iQA/AwUBPMghkohsmyD15h5gEQIS8QCeP7KGUXpBaoIjSANa+rlv+GsJg/0AoIxy W12BsxCwT3/WeJgv7ZiT5Xt2 =0STl -----END PGP SIGNATURE----- |
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | RE: Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities' list): 00378, Menashe Eliezer |
|---|---|
| Next by Date: | slrnpull -d PoC: 00378, KF |
| Previous by Thread: | Fragroute and ISS (NetworkICE) products: a brief analysisi: 00378, Chris Deibler |
| Next by Thread: | slrnpull -d PoC: 00378, KF |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
| News | FAQ | advertise |