[VIM] fyi Milw0rm ActiveX controls insecure methods by t0pP8uZz

Steven M. Christey coley at linus.mitre.org
Fri May 9 16:06:17 UTC 2008


On Fri, 9 May 2008, Rob Keith wrote:

> Hey, not sure if other VDBs discount these ActiveX controls when they
> aren't marked safe for scripting?

Thanks for bringing this up.  I must admit to accidentally assuming that
safe-for-scripting was required :)

FYI this looks like a good post from Microsoft:

http://blogs.technet.com/swi/archive/2008/02/03/activex-controls.aspx

One question becomes, what steps did the researcher take to enable and
exploit these controls in the first place?  Is there still a chance where
a user might activate the control somehow?

- Steve


More information about the VIM mailing list