[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] ADODB.Stream object

To: "Richard M. Smith" <rms@computerbytesman.com>, "'jelmer'" <jkuperus@planet.nl>, <full-disclosure@lists.netsys.com>
Subject: Re: [Full-Disclosure] ADODB.Stream object
From: "Thor Larholm" <lists.netsys.com@jscript.dk>
Date: Tue, 26 Aug 2003 20:42:19 +0200

> From: "Richard M. Smith" <rms@computerbytesman.com>
> Agreed.  However, I would go one step further.  I don't think that the
> typical user has a need for HTML Applications and Windows Scripting
> Host.  Both of these features along with their associated ActiveX
> controls should be disabled by default in Windows XP.  They make writing
> malware too easy.

HTML Applications and the Windows Scripting Host both run on the same level as
ordinary executables, and opening them is no different than opening EXE files.
Neither are accessible from HTML.

ActiveX is, though.



Regards
Thor Larholm
PivX Solutions, LLC - Senior Security Researcher

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- RE: [Full-Disclosure] ADODB.Stream object
  - From: "Richard M. Smith" <rms@computerbytesman.com>

References:
- RE: [Full-Disclosure] ADODB.Stream object
  - From: "Richard M. Smith" <rms@computerbytesman.com>

Prev by Date: Re: [Full-Disclosure] CERT Employee Gets Owned [Way Off Topic]
Next by Date: RE: [Full-Disclosure] CERT Employee Gets Owned
Prev by thread: RE: [Full-Disclosure] ADODB.Stream object
Next by thread: RE: [Full-Disclosure] ADODB.Stream object
Index(es):
- Date
- Thread