From: Georgi Guninski (guninskiguninski.com)
Date: Fri Jan 04 2002 - 09:05:00 CST

    It works for me on default settings of IE 6.0/5.5/Win2K.
    Note: AFAIK Microsoft neither confirms nor denies that it is a bug;
    the last I heard from them was that they were investigating my report.

    Georgi Guninski,
    http://www.guninski.com

    Michael Fellows wrote:
    >
    > I tested this with the following systems:
    >
    > Win2K, IE 6.0.2600.0000CO w/Q313675
    > Win95, IE 5.50.4807.2300CO w/SP2
    >
    > IE gives an "Error: Automation server can't create object" error unless
    > "Initialize and script ActiveX controls not marked as safe" is set to
    > "Enable" in the "Local intranet" Zone. At which point the vulnerability
    > as listed works.
    >
    > User intervention is required to enable this setting because default
    > settings and settings provided via the "Reset custom settings" default to
    > either "Disable" or "Prompt".
    >
    > Were you able to get past this setting? If not, then I don't see this as
    > being too large of a threat.
    >
    > Thank you,
    >
    > Michael
    >
    > --
    > Michael Fellows
    > Utah Department of Transportation
    > email: mfellowsdot.state.ut.us
    > pgp key: 0x6D8C2EF7
    >
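
The disagreement in this thread turns on the state of one zone setting, "Initialize and script ActiveX controls not marked as safe", which can be audited from the registry. The script below is an added example and not part of either message; the registry locations and the URL action number 1201 do not appear in the thread and are the standard Internet Settings locations for this option.

```powershell
# Added example: report URL action 1201 ("Initialize and script ActiveX controls
# not marked as safe") for each Internet Explorer security zone, in every
# registry location where the setting can be stored.
$zones   = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'
              3 = 'Internet';    4 = 'Restricted sites' }
$meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Policy locations are written by Group Policy; the others hold preferences.
$roots = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
)

$report = foreach ($root in $roots) {
    foreach ($id in ($zones.Keys | Sort-Object)) {
        $key = Join-Path $root "$id"
        if (-not (Test-Path $key)) { continue }

        # A missing value means this location does not define the setting.
        $item = Get-ItemProperty -Path $key -Name '1201' -ErrorAction SilentlyContinue
        if ($null -eq $item) { continue }
        $value = [int]$item.'1201'

        $setting = if ($meaning.ContainsKey($value)) { $meaning[$value] }
                   else { 'Other (0x{0:X})' -f $value }

        [pscustomobject]@{
            Location = $root
            Zone     = $zones[$id]
            Setting  = $setting
            # "Enable" is the state the thread says is needed for the report to work.
            Exposed  = ($value -eq 0)
        }
    }
}

$report | Sort-Object Zone, Location | Format-Table -AutoSize -Wrap

$exposed = @($report | Where-Object Exposed)
if ($exposed.Count -gt 0) {
    Write-Warning ("{0} zone setting(s) allow unsafe ActiveX initialization without a prompt." -f $exposed.Count)
}
```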