|
-
January 3rd, 2002, 03:33 AM
#1
New IE Hole.. Yet So Very Similar...
Found this newsbytes article on a newish IE Scripting hole, which exploits the GetObject() function of MS JScript and ActiveX Controls allows access to local files.
Read the Article Here
-Matty_Cross
\"Isn\'t sanity just a one trick pony anyway? I mean, all you get is one trick. Rational Thinking.
But when you\'re good and crazy, hehe, the skies the limit!!\"
-
January 3rd, 2002, 04:32 AM
#2
Damn I got to try that one out. I can't believe I didn't see that one coming.
Hey Matty your catching up to Casper
But I'm still on your Tail!
lol
-
January 3rd, 2002, 05:56 AM
#3
Hasn't that already been done? It seems like such an obvious exploit. Load an ActiveX object that has write access to the hard disk and bam! you've got an exploit.
-
January 3rd, 2002, 07:07 AM
#4
Member
Because a hacker must know the name of the file he or she wishes to read, the exploit would most likely be used to target the well- known names of system or data files likely to contain information such as user names and passwords.
yeah it would be a shot in the dark for any files other than system files.
time to go rename all my system files cuz M$ didnt release a patch for it yet.....
brickwall
-
January 3rd, 2002, 09:22 AM
#5
Because a hacker must know the name of the file he or she wishes to read, the exploit would most likely be used to target the well- known names of system or data files likely to contain information such as user names and passwords.
i guess normal users arent that much at risk...
-
January 3rd, 2002, 09:45 AM
#6
Originally posted by s0nIc
i guess normal users arent that much at risk...
Well, I dunno about that... normal users passwords n stuff are still stored in files n such... even if the malicious person only goes for index.dat files, some of the urls may contain the username and password, me:password@www.dontlookhere.com.. and normal users often use the same password for a lot of things....
But I do agree that big users may have more to worry about, for example if the malicious person uses this to steal, say the registry files of that computer, they can find out lots of information about that system which could lead to a possible system breach.. for example, many accounts are stored in the registry, like the Exchange Service Account..
<You can find that in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
MSExchangeSA.>
-Matty_Cross
\"Isn\'t sanity just a one trick pony anyway? I mean, all you get is one trick. Rational Thinking.
But when you\'re good and crazy, hehe, the skies the limit!!\"
-
January 3rd, 2002, 01:16 PM
#7
Another flaw on the MS record. If they recieved a dime for each time a security hole was found, they would be richer than they are now.
Wine maketh merry: but money answereth all things.
--Ecclesiastes 10:19
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
