[Dshield] 0-day exploit: Microsoft Internet Explorer "Msdds.dll" Remote Code Execution Exploit

jayjwa jayjwa at atr2.ath.cx
Fri Aug 19 04:22:10 GMT 2005

On Wed, 17 Aug 2005, Mick Bergman wrote:

-> We block all ActiveX at the firewall. It has had so many vulnerabilities
-> over its history it just isn't worth the trouble.

Not to mention useless. It's just a ploy to force people to use Windows by 
making it seem like they gain some extra functionality due to it.

I have a Mingw cross compiler, but I wanted MSVC++ so that I wouldn't 
have to modify the programs that were written for MSVC to get them to 
compile under GCC/Mingw. Where to get one and the PSDK that it needs to 
be really useful? Microsoft's own site of course.

Try going there without a Windows computer and ActiveX. It will land you 
on a page called "downlevel" and inform you that you can not download 
these, you need ActiveX. Their pages are a long series of Javascript 
functions and commands which do this and that, chase their own tail, and 
finally try to answer the million dollar question of if you'll allow them 
to execute ActiveX stuff. Simply *having* it installed isn't enough: it 
must be enabled; they will try to run a few test commands like Hotmail 
will try to drop cookies on your browser and then read them right back 
(but still requires you to manually enter your username and password....so 
why do they need the cookies then?). I could fake some of it, but in the 
end I couldn't dupe the ActiveX tests.

How could they do this? They are just files, sitting in directories. I'll 
send the GET, the server sends the file, and I would have been happy, but no, 
ActiveX was *required*. Or was it? Someone showed me some URLs that 
redirected and side-stepped this self-imposed requirement, and sure enough 
I was able to download the files, one at a time until the full compiler 
and PSDK were down. No wonder they had it heavily guarded: it runs 
flawlessly under Wine.

So much for ActiveX.

Something tells me Hotmail doesn't need all 9 of the cookies it
insists I have available for it, either.


