[VIM] fyi Milw0rm ActiveX controls insecure methods by t0pP8uZz
str0ke at milw0rm.com
Fri May 9 16:13:38 UTC 2008
Steven M. Christey wrote:
> On Fri, 9 May 2008, Rob Keith wrote:
>> Hey, not sure if other VDBs discount these ActiveX controls when they
>> aren't marked safe for scripting?
> Thanks for bringing this up. I must admit to accidentally assuming that
> safe-for-scripting was required :)
Yep thanks Rob.
> FYI this looks like a good post from Microsoft:
> One question becomes, what steps did the researcher take to enable and
> exploit these controls in the first place? Is there still a chance where
> a user might activate the control somehow?
The researcher stated that Rob was correct and that he had IE mis
configured on his end.
More information about the VIM