antdudeMatrix Ant Premium Member join:2001-03-25 US
|
antdude
Premium Member
2003-Mar-23 3:47 am
Is this considered a security exploit with IE?» www.chrisstorer.com/cuph ··· lder.htm (a VB script that eject your DVD/CD drives). VB scripts are scary especially under Internet Explorer. [text was edited by author 2003-03-23 15:27:57] |
|
Randy Bell Premium Member join:2002-02-24 Santa Clara, CA
|
In Netscape 7.02, I get a black screen. I'm also running ZAP 3.7 with Program Control at Medium, Cookie Control at High, Ad Blocking at Medium, and Mobile Code Control turned Off. :) EDIT:Very Funny -- I tried the same thing in IE6sp1 and got my "cupholder" LOL. |
|
antdudeMatrix Ant Premium Member join:2001-03-25 US
|
antdude
Premium Member
2003-Mar-23 5:50 am
said by Randy Bell: In Netscape 7.02, I get a black screen. I'm also running ZAP 3.7 with Program Control at Medium, Cookie Control at High, Ad Blocking at Medium, and Mobile Code Control turned Off. :) EDIT:Very Funny -- I tried the same thing in IE6sp1 and got my "cupholder" LOL.
Yeah, it is funny but scary to me. I wonder what else can you do with VB script like this online. Maybe I am being too paranoid. [text was edited by author 2003-03-23 05:57:35] |
|
Vampirefo Premium Member join:2000-12-11 Huntington, WV
|
Vampirefo
Premium Member
2003-Mar-23 10:11 am
Here is the source code from that site. Free Cup Holder = 1 then For i = 0 to colCDROMs.Count - 1 colCDROMs.Item(i).Eject Next ' cdrom End If --> ¦¦ Free Cup Holder ¦¦ |
|
|
to antdude
Indeed i wonder to antdude, however if you change the security setting for active scripting in the relevent zone this would be prevented from occuring. I have mine set to prompt. |
|
|
to antdude
No, it's no "exploit" as such - IE is just doing what it's supposed to do; running that script when you've enabled running scripts in your Internet Options. |
|
Tablet Premium Member join:2003-01-15 Czech |
Tablet
Premium Member
2003-Mar-23 12:58 pm
said by Tuulilapsi: No, it's no "exploit" as such - IE is just doing what it's supposed to do; running that script when you've enabled running scripts in your Internet Options.
I thought that the scripts were somewhat limited in their capabilities.. if they can access cd-rom, then I guess they could access files on my hard drive too |
|
|
As far as I know, VBScript is not limited. This is a different issue from VBScript, but many don't realize ActiveX objects are fully functional executables that aren't limited: they can do pretty much anything, including accessing the files on your hard drive. Now Javascript should be very limited (as far as I know, again, I don't know the language too well) in what it can do. [text was edited by author 2003-03-23 13:08:52] |
|
|
jdongEat A Beaver, Save A Tree. Premium Member join:2002-07-09 Rochester, MI
|
jdong
Premium Member
2003-Mar-23 2:10 pm
said by Tuulilapsi: As far as I know, VBScript is not limited. This is a different issue from VBScript, but many don't realize ActiveX objects are fully functional executables that aren't limited: they can do pretty much anything, including accessing the files on your hard drive. Now Javascript should be very limited (as far as I know, again, I don't know the language too well) in what it can do. [text was edited by author 2003-03-23 13:08:52]
What are you talking about? ActiveX and VBS are limited in nature. The CD-ROM drive isn't considered secured, but try a VB script to delete a file from the C: drive. It will fail for sure. |
|
|
Hence the "AFAIK". Are you sure about the limits of ActiveX, though? |
|
jdongEat A Beaver, Save A Tree. Premium Member join:2002-07-09 Rochester, MI |
jdong
Premium Member
2003-Mar-23 2:16 pm
said by Tuulilapsi: Hence the "AFAIK". Are you sure about the limits of ActiveX, though?
yeah, ActiveX on IE pages won't run unless marked "safe". Safe mark means that it doesn't write or remove files unless you have a certificate allowing it, etc. |
|
|
But that isn't an actual limitation to what ActiveX (OLE 2) can do, is it - that's just an IE default setting that limits which ActiveX objects can be run. Many spyware and dialer ActiveX objects come with a safe certificate from for example Thawte. That, and there is of course an option in IE to run even unsafe objects. To my knowledge, the ActiveX objects themselves, when run, can do pretty much anything. |
|
jdongEat A Beaver, Save A Tree. Premium Member join:2002-07-09 Rochester, MI |
to antdude
A computer is only as smart as its user... |
|
|
to antdude
My case has a door that can be closed to hide the CD-ROMS, which is hard to open. This would have broke 3 my CD-ROMS If it was closed one of which is a brand new DVD Burner. I think you should hide the link not make it clickable. I would have to kill somebody had that happen. |
|
|
to jdong
Sometimes the computer is actually smarter. |
|
antdudeMatrix Ant Premium Member join:2001-03-25 US |
to jdong
Here's another one to think about that a friend was thinking. What if users are burning CD/DVDs, listening to music, installing/upgrades stuff, etc.? I believe some burner programs locks the drive like Nero. I am not sure about Easy CD Creator (I have v4.03 something). Good thing the exploit doesn't work with Mozilla and Linux (have to unmount first before ejecting). |
|
jdongEat A Beaver, Save A Tree. Premium Member join:2002-07-09 Rochester, MI |
to antdude
Well, next time we post a "link" of some sort, please provide a description of what it does! |
|
antdudeMatrix Ant Premium Member join:2001-03-25 US |
antdude
Premium Member
2003-Mar-23 3:28 pm
said by jdong: Well, next time we post a "link" of some sort, please provide a description of what it does!
OK. Are you happy now with the original post? |
|
jdongEat A Beaver, Save A Tree. Premium Member join:2002-07-09 Rochester, MI |
to antdude
LOL, sure. |
|
EmilioGWhats This? Premium Member join:2000-09-19 New York, NY |
to antdude
What was that site supposed to do, open the CD tray? I went to that site with FREE CUP HOLDER and nothing happened. My IE6 Security settings are pretty tight, plus firewall. |
|
|
to antdude
If I set the security for ActiveX and Scripting in IE's Internet Zone to all prompts, I actually get three prompts (from IE) that I have to allow for this to work. First the Active Scripting prompt, then an ActiveX control or plug-in prompt, and finally a prompt from "scripting of ActiveX controls"... So, this isn't just a sign of the power of scripting, but also ActiveX, right? Scripting alone does not seem to have the ability to do this. Did it on anyone else's system without ActiveX? Oh, the final pop-up was Tiny Trojan Trap (TTT), adding its rather significant level of protection. |
|
|
Did a little digging it will leave ports 3514 wide open and sends out some data. Not to sure what just yet. I had to run out for a bit. So I will do some more looking after dinner. |
|
Vampirefo Premium Member join:2000-12-11 Huntington, WV |
Um, you must be seeing things, that my packet sniffer can't see, This is the IP address of the site 12.220.105.77 No data is being sent and no ports are being left open. |
|
|
As i said I think not sure But it does leave that port or may leave some other wide open. |
|
seqrets Premium Member join:2001-05-03 Nederland, TX
|
to EmilioG
Same here EmilioG! Click the link, prompt and nada! XP Sp1, IE 6. Edited for spelling |
|
antdudeMatrix Ant Premium Member join:2001-03-25 US |
antdude
Premium Member
2003-Mar-24 11:21 am
It's gone now."due to abuse, this was taken down.... I can't afford the bandwith required to support half a million visitors in a few days. If you are interested in the cupholder code, search the web, its been posted. Thanks Chris" |
|
|
to LowWaterMark
Re: Is this considered a security exploit with IE?LowWater, what application is that IEXPLORE2.EXE ?
I know Iexplore.exe is MSIE, and that site had no downloadable items.
Cheers
Martin |
|
|
said by Martinus: LowWater, what application is that IEXPLORE2.EXE ?
It actually is a second copy of Internet Explorer. I have the normal version, under the default name and location for IE, heavily restricted on my machine. I have the rules in my firewall and TTT somewhat looser for this alternate version of IE, which is what I use to browse. (It's a variation on what some people do when they install security software to non-standard directories.) |
|
|
Martinus
Premium Member
2003-Mar-25 2:43 am
Well, I must admit. That's smart.
How do you do that? Just make a copy of the executable iexplore.exe in the same dir?
Regards
Martin |
|
TechyDad Premium Member join:2001-07-13 USA
|
to Tuulilapsi
said by Tuulilapsi: As far as I know, VBScript is not limited. This is a different issue from VBScript, but many don't realize ActiveX objects are fully functional executables that aren't limited: they can do pretty much anything, including accessing the files on your hard drive. Now Javascript should be very limited (as far as I know, again, I don't know the language too well) in what it can do. [text was edited by author 2003-03-23 13:08:52]
Actually, VBScript is limited. When run from a webpage (as opposed to a WSH Script), it shouldn't be able to access your registry or local files. It's functionality is limited as much as JavaScript's is. (This is barring any security holes that give it more permissions than it should have, of course.) You are correct about ActiveX though. It can do anything that a locally executed program can. It can read from or write to your registry. It can read, write, or delete files. It can even reboot your computer. (For example, the Gator ActiveX control, when loaded, will download and install Gator's regular app on your computer behind the scenes.) |
|