[VIM] fyi Milw0rm ActiveX controls insecure methods by t0pP8uZz

str0ke str0ke at milw0rm.com
Fri May 9 16:13:38 UTC 2008

Steven M. Christey wrote:
> On Fri, 9 May 2008, Rob Keith wrote:
>> Hey, not sure if other VDBs discount these ActiveX controls when they
>> aren't marked safe for scripting?
> Thanks for bringing this up.  I must admit to accidentally assuming that
> safe-for-scripting was required :)

Yep thanks Rob.

> FYI this looks like a good post from Microsoft:
> http://blogs.technet.com/swi/archive/2008/02/03/activex-controls.aspx
> One question becomes, what steps did the researcher take to enable and
> exploit these controls in the first place?  Is there still a chance where
> a user might activate the control somehow?
The researcher stated that Rob was correct and that he had IE mis
configured on his end.


More information about the VIM mailing list