New IE Hole.. Yet So Very Similar...
Results 1 to 7 of 7

Thread: New IE Hole.. Yet So Very Similar...

  1. #1
    Senior Member
    Join Date
    Sep 2001
    Posts
    831

    New IE Hole.. Yet So Very Similar...

    Found this newsbytes article on a newish IE Scripting hole, which exploits the GetObject() function of MS JScript and ActiveX Controls allows access to local files.


    Read the Article Here
    -Matty_Cross
    \"Isn\'t sanity just a one trick pony anyway? I mean, all you get is one trick. Rational Thinking.
    But when you\'re good and crazy, hehe, the skies the limit!!\"
    Share on Google+

  2. #2
    Damn I got to try that one out. I can't believe I didn't see that one coming.

    Hey Matty your catching up to Casper
    But I'm still on your Tail!
    lol
    Share on Google+

  3. #3
    Antionline Herpetologist
    Join Date
    Aug 2001
    Posts
    1,165
    Hasn't that already been done? It seems like such an obvious exploit. Load an ActiveX object that has write access to the hard disk and bam! you've got an exploit.
    Share on Google+

  4. #4
    Because a hacker must know the name of the file he or she wishes to read, the exploit would most likely be used to target the well- known names of system or data files likely to contain information such as user names and passwords.

    yeah it would be a shot in the dark for any files other than system files.

    time to go rename all my system files cuz M$ didnt release a patch for it yet.....

    brickwall
    Share on Google+

  5. #5
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584

    Cool

    Because a hacker must know the name of the file he or she wishes to read, the exploit would most likely be used to target the well- known names of system or data files likely to contain information such as user names and passwords.

    i guess normal users arent that much at risk...
    Share on Google+

  6. #6
    Senior Member
    Join Date
    Sep 2001
    Posts
    831
    Originally posted by s0nIc



    i guess normal users arent that much at risk...
    Well, I dunno about that... normal users passwords n stuff are still stored in files n such... even if the malicious person only goes for index.dat files, some of the urls may contain the username and password, me:password@www.dontlookhere.com.. and normal users often use the same password for a lot of things....

    But I do agree that big users may have more to worry about, for example if the malicious person uses this to steal, say the registry files of that computer, they can find out lots of information about that system which could lead to a possible system breach.. for example, many accounts are stored in the registry, like the Exchange Service Account..

    <You can find that in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
    MSExchangeSA.>
    -Matty_Cross
    \"Isn\'t sanity just a one trick pony anyway? I mean, all you get is one trick. Rational Thinking.
    But when you\'re good and crazy, hehe, the skies the limit!!\"
    Share on Google+

  7. #7
    Senior Member
    Join Date
    Oct 2001
    Posts
    689

    Post

    Another flaw on the MS record. If they recieved a dime for each time a security hole was found, they would be richer than they are now.
    Wine maketh merry: but money answereth all things.
    --Ecclesiastes 10:19
    Share on Google+

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides