A problem with the com.ms.activeX.ActiveXComponent java object can cause Internet Explorer 5.5 and Outlook Express to execute arbitrary programs. It is important to understand that Outlook Express with "security update", although more difficult, can also be exploited. DEMONSTRATION Complete code and a demonstration is available at; http://www.guninski.com/javaea1.html and; http://www.guninski.com/javaea2.html VENDOR RESPONSE It is unclear if Microsoft was notified by Mr. Guninski. Windows IT Security has forwarded the necessary information to Microsoft for response. Updates will be added as they become available. CREDIT |
0 comments
Hide comments