Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > NZ Computing > I wonder if XP SP2 can prevent this kind of behaviour...

Reply
Thread Tools

I wonder if XP SP2 can prevent this kind of behaviour...

 
 
K T T
Guest
Posts: n/a
 
      09-15-2004

http://www.doxdesk.com/personal/post...e/activex.html

linked from this article

http://bmonday.com/articles/496.aspx

"IE Chromeless Windows Vulnerability"
 
Reply With Quote
 
 
 
 
The Black Wibble
Guest
Posts: n/a
 
      09-15-2004
"K T T" <(E-Mail Removed)> wrote in message
news:ci8pgm$6cm$(E-Mail Removed)...
>
> http://www.doxdesk.com/personal/post...e/activex.html


It does. This message appears in IE: " To help your security, Explorer
stopped this site from installing an ActiveX control on your computer.
Click the options..."

Tony.
--
http://iraqthemodel.blogspot.com


 
Reply With Quote
 
 
 
 
Dave - Dave.net.nz
Guest
Posts: n/a
 
      09-15-2004
K T T wrote:
> http://www.doxdesk.com/personal/post...e/activex.html
> linked from this article
> http://bmonday.com/articles/496.aspx
> "IE Chromeless Windows Vulnerability"


It seems to... "To help protect your security, Internet Explorer stopped
this site from installing an Active X control on your computer. Click
here for options"

what was it meant to do?
 
Reply With Quote
 
Dave - Dave.net.nz
Guest
Posts: n/a
 
      09-15-2004
Dave - Dave.net.nz wrote:

> K T T wrote:
>
>> http://www.doxdesk.com/personal/post...e/activex.html
>> linked from this article
>> http://bmonday.com/articles/496.aspx
>> "IE Chromeless Windows Vulnerability"

>
>
> It seems to... "To help protect your security, Internet Explorer stopped
> this site from installing an Active X control on your computer. Click
> here for options"
>
> what was it meant to do?


If you enable Active X you get a popup saying "Windows has blocked this
software because it cannot verify the publisher" "name vuln.exe"
"publisher unknown"

and it still wont run it.

Im tempted to turn off all the security on the VMware machine and see
what it does.
 
Reply With Quote
 
Dave - Dave.net.nz
Guest
Posts: n/a
 
      09-15-2004
Dave - Dave.net.nz wrote:
> Im tempted to turn off all the security on the VMware machine and see
> what it does.


Just to see what it does, I have added it to my "Trusted sites" list, as
I figure you can't get much more stupid than that.

and well... IE pops up and says "The Publisher could not be verified.
Are you sure you want to install the software?"
"Name: Vuln.exe"
Publisher: unknown publisher"
"install/dont install" options.

Dont install doesnt install it of course.
Install gives a dos screen like this.

____________________________________________
Hello, I am arbitrary code.
I could have wiped your files by now.

(any key)
____________________________________________

no lines though.

 
Reply With Quote
 
richard
Guest
Posts: n/a
 
      09-15-2004
K T T wrote:

>
> http://www.doxdesk.com/personal/post...e/activex.html
>
> linked from this article
>
> http://bmonday.com/articles/496.aspx
>
> "IE Chromeless Windows Vulnerability"


heh, thats cute, authough the grey bits to mask the No button and cover the
description appeared slightly in the wrong place due to the skin I have on the
XP machine
 
Reply With Quote
 
K T T
Guest
Posts: n/a
 
      09-15-2004
The Black Wibble wrote:
> "K T T" <(E-Mail Removed)> wrote in message
> news:ci8pgm$6cm$(E-Mail Removed)...
>
>>http://www.doxdesk.com/personal/post...e/activex.html

>
>
> It does. This message appears in IE: " To help your security, Explorer
> stopped this site from installing an ActiveX control on your computer.
> Click the options..."
>
> Tony.

When I moved the window around I could see that the programmer had
masked the true warning message with one of his own.

If you click the yes button some code is executed on the computer that
could do some real damage, although on this site it's a test to reveal
windows non-security. Scary stuff.

 
Reply With Quote
 
Max Burke
Guest
Posts: n/a
 
      09-15-2004
> K T T scribbled:

> The Black Wibble wrote:
>> "K T T" <(E-Mail Removed)> wrote in message
>> news:ci8pgm$6cm$(E-Mail Removed)...


>>> http://www.doxdesk.com/personal/post...e/activex.html


>> It does. This message appears in IE: " To help your security,
>> Explorer stopped this site from installing an ActiveX control on
>> your computer. Click the options..."
>>
>> Tony.

> When I moved the window around I could see that the programmer had
> masked the true warning message with one of his own.


Not i my XP Prof SP2 system he didn't.

> If you click the yes button some code is executed on the computer that
> could do some real damage, although on this site it's a test to reveal
> windows non-security. Scary stuff.


I dont even get a 'yes' option. It's completely blocked by default; it
*REQUIRES* me/the user sitting in front of the computer to manually change
the default XP SP2 Active X settings to allow that (or any) web page to run
ANY Active X controls on the local machine.

--
http://www.velocityreviews.com/forums/(E-Mail Removed)
Replace the obvious with paradise.net to email me
Found Images
http://homepages.paradise.net.nz/~mlvburke

 
Reply With Quote
 
K T T
Guest
Posts: n/a
 
      09-15-2004
Max Burke wrote:
>> K T T scribbled:

>
>
>> The Black Wibble wrote:
>>
>>> "K T T" <(E-Mail Removed)> wrote in message
>>> news:ci8pgm$6cm$(E-Mail Removed)...

>
>
>>>> http://www.doxdesk.com/personal/post...e/activex.html

>
>
>>> It does. This message appears in IE: " To help your security,
>>> Explorer stopped this site from installing an ActiveX control on
>>> your computer. Click the options..."
>>>
>>> Tony.

>>
>> When I moved the window around I could see that the programmer had
>> masked the true warning message with one of his own.

>
>
> Not i my XP Prof SP2 system he didn't.
>
>> If you click the yes button some code is executed on the computer that
>> could do some real damage, although on this site it's a test to reveal
>> windows non-security. Scary stuff.

>
>
> I dont even get a 'yes' option. It's completely blocked by default; it
> *REQUIRES* me/the user sitting in front of the computer to manually
> change the default XP SP2 Active X settings to allow that (or any) web
> page to run ANY Active X controls on the local machine.
>

Well it took a few years, but looks like MS finally fixed it with SP2.
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Can't prevent IE 5.5 SP2 from issuing two security warnings tasTDasd Computer Support 7 09-22-2009 02:33 PM
ATI HDTV Wonder card can capture HDTV pictures in 1080i or 1080p and print out as photos? Summercoolness@gmail.com Digital Photography 2 07-15-2006 03:02 PM
How to prevent windows xp sp2 from autoconnecting to a network? Mario Wireless Networking 3 05-02-2005 10:15 PM
WIN XP SP2 ERROR: Can not read from or write to the data base. SP2 installation did not complete Father Jack Hackett Computer Support 5 01-26-2005 06:08 PM
Wonder if someone can help Muckey ASP .Net 1 02-06-2004 05:50 PM



Advertisments