[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[connect24h:3119] Re: [FYI]IE execution of arbitrary commands without Active Scripting or ActiveX (GM#001-IE)

To: connect24h@xxxxxxxxxx
Subject: [connect24h:3119] Re: [FYI]IE execution of arbitrary commands without Active Scripting or ActiveX (GM#001-IE)
From: Miharu <ensi@xxxxxxxxxxxxxxxx>
Date: Sat, 02 Mar 2002 00:56:32 +0900

瞠です。

IntenetExplorer6でデモサイトを利用すると、
c:\winnt\system32\calc.exe が実行されてしまうのですが、
手元にあったIEコンポーネントを利用したブラウザで再現できずでした。

　確認したもの(どちらも最新ではないですが…)
　　MoonBrowser0.40beta5
　　Lunascape0.96β(*1の制限付き)
　　　*1 ActiveXのダウンロード禁止にチェックしてある場合のみ

#calc.exeが起動しないから、脆弱じゃないととらえてよいのかなぁ。。。







--[PR]------------------------------------------------------------------
　　　　Powered by FreeML　　　　 -- http://www.freeml.com/ --　　　　
------------------------------------------------------------------[PR]--
<GMO GROUP> Global Media Online  www.gmo.jp

Follow-Ups:
- [connect24h:3120] Re: [FYI]IE execution of arbitrary commands without Active Scripting or ActiveX (GM#001-IE)
  - From: 他力本願堂

References:
- [connect24h:3112] [FYI]IE execution of arbitrary commands without Active Scripting or ActiveX (GM#001-IE)
  - From: Hiroshi Chonan

Prev by Date: [connect24h:3118] Re: [FYI]IE execution of arbitrary commands without Active Scripting or ActiveX (GM#001-IE)
Next by Date: [connect24h:3120] Re: [FYI]IE execution of arbitrary commands without Active Scripting or ActiveX (GM#001-IE)
Previous by thread: [connect24h:3121] Re: [FYI]IE execution of arbitrary commands without Active Scripting or ActiveX (GM#001-IE)
Next by thread: [connect24h:3120] Re: [FYI]IE execution of arbitrary commands without Active Scripting or ActiveX (GM#001-IE)
Index(es):
- Date
- Thread