dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
631

antdude
Matrix Ant
Premium Member
join:2001-03-25
US

antdude

Premium Member

Is this considered a security exploit with IE?

»www.chrisstorer.com/cuph ··· lder.htm (a VB script that eject your DVD/CD drives).

VB scripts are scary especially under Internet Explorer.

[text was edited by author 2003-03-23 15:27:57]

Randy Bell
Premium Member
join:2002-02-24
Santa Clara, CA

Randy Bell

Premium Member

In Netscape 7.02, I get a black screen. I'm also running ZAP 3.7 with Program Control at Medium, Cookie Control at High, Ad Blocking at Medium, and Mobile Code Control turned Off. :) EDIT:Very Funny -- I tried the same thing in IE6sp1 and got my "cupholder" LOL.

antdude
Matrix Ant
Premium Member
join:2001-03-25
US

antdude

Premium Member

said by Randy Bell:
In Netscape 7.02, I get a black screen. I'm also running ZAP 3.7 with Program Control at Medium, Cookie Control at High, Ad Blocking at Medium, and Mobile Code Control turned Off. :) EDIT:Very Funny -- I tried the same thing in IE6sp1 and got my "cupholder" LOL.

Yeah, it is funny but scary to me. I wonder what else can you do with VB script like this online. Maybe I am being too paranoid.
[text was edited by author 2003-03-23 05:57:35]

Vampirefo
Premium Member
join:2000-12-11
Huntington, WV

Vampirefo

Premium Member

Here is the source code from that site.

Free Cup Holder

= 1 then
For i = 0 to colCDROMs.Count - 1
colCDROMs.Item(i).Eject
Next ' cdrom
End If
-->

¦¦ Free Cup Holder ¦¦
Enyo0
join:2002-11-06
UK

Enyo0 to antdude

Member

to antdude
Indeed i wonder to antdude, however if you change the security setting for active scripting in the relevent zone this would be prevented from occuring. I have mine set to prompt.
Tuulilapsi
Kenosis
join:2002-07-29
Finland

Tuulilapsi to antdude

Member

to antdude
No, it's no "exploit" as such - IE is just doing what it's supposed to do; running that script when you've enabled running scripts in your Internet Options.
Tablet
Premium Member
join:2003-01-15
Czech

Tablet

Premium Member

said by Tuulilapsi:
No, it's no "exploit" as such - IE is just doing what it's supposed to do; running that script when you've enabled running scripts in your Internet Options.
I thought that the scripts were somewhat limited in their capabilities.. if they can access cd-rom, then I guess they could access files on my hard drive too
Tuulilapsi
Kenosis
join:2002-07-29
Finland

Tuulilapsi

Member

As far as I know, VBScript is not limited. This is a different issue from VBScript, but many don't realize ActiveX objects are fully functional executables that aren't limited: they can do pretty much anything, including accessing the files on your hard drive. Now Javascript should be very limited (as far as I know, again, I don't know the language too well) in what it can do.
[text was edited by author 2003-03-23 13:08:52]

jdong
Eat A Beaver, Save A Tree.
Premium Member
join:2002-07-09
Rochester, MI

jdong

Premium Member

said by Tuulilapsi:
As far as I know, VBScript is not limited. This is a different issue from VBScript, but many don't realize ActiveX objects are fully functional executables that aren't limited: they can do pretty much anything, including accessing the files on your hard drive. Now Javascript should be very limited (as far as I know, again, I don't know the language too well) in what it can do.
[text was edited by author 2003-03-23 13:08:52]

What are you talking about? ActiveX and VBS are limited in nature. The CD-ROM drive isn't considered secured, but try a VB script to delete a file from the C: drive. It will fail for sure.
Tuulilapsi
Kenosis
join:2002-07-29
Finland

Tuulilapsi

Member

Hence the "AFAIK". Are you sure about the limits of ActiveX, though?

jdong
Eat A Beaver, Save A Tree.
Premium Member
join:2002-07-09
Rochester, MI

jdong

Premium Member

said by Tuulilapsi:
Hence the "AFAIK". Are you sure about the limits of ActiveX, though?
yeah, ActiveX on IE pages won't run unless marked "safe". Safe mark means that it doesn't write or remove files unless you have a certificate allowing it, etc.
Tuulilapsi
Kenosis
join:2002-07-29
Finland

Tuulilapsi

Member

But that isn't an actual limitation to what ActiveX (OLE 2) can do, is it - that's just an IE default setting that limits which ActiveX objects can be run. Many spyware and dialer ActiveX objects come with a safe certificate from for example Thawte. That, and there is of course an option in IE to run even unsafe objects. To my knowledge, the ActiveX objects themselves, when run, can do pretty much anything.

jdong
Eat A Beaver, Save A Tree.
Premium Member
join:2002-07-09
Rochester, MI

jdong to antdude

Premium Member

to antdude
A computer is only as smart as its user...

markjclark
join:2000-08-11

markjclark to antdude

Member

to antdude
My case has a door that can be closed to hide the CD-ROMS, which is hard to open. This would have broke 3 my CD-ROMS If it was closed one of which is a brand new DVD Burner. I think you should hide the link not make it clickable. I would have to kill somebody had that happen.
Tuulilapsi
Kenosis
join:2002-07-29
Finland

Tuulilapsi to jdong

Member

to jdong
Sometimes the computer is actually smarter.

antdude
Matrix Ant
Premium Member
join:2001-03-25
US

antdude to jdong

Premium Member

to jdong
Here's another one to think about that a friend was thinking. What if users are burning CD/DVDs, listening to music, installing/upgrades stuff, etc.? I believe some burner programs locks the drive like Nero. I am not sure about Easy CD Creator (I have v4.03 something).

Good thing the exploit doesn't work with Mozilla and Linux (have to unmount first before ejecting).

jdong
Eat A Beaver, Save A Tree.
Premium Member
join:2002-07-09
Rochester, MI

jdong to antdude

Premium Member

to antdude
Well, next time we post a "link" of some sort, please provide a description of what it does!

antdude
Matrix Ant
Premium Member
join:2001-03-25
US

antdude

Premium Member

said by jdong:
Well, next time we post a "link" of some sort, please provide a description of what it does!
OK. Are you happy now with the original post?

jdong
Eat A Beaver, Save A Tree.
Premium Member
join:2002-07-09
Rochester, MI

jdong to antdude

Premium Member

to antdude
LOL, sure.

EmilioG
Whats This?
Premium Member
join:2000-09-19
New York, NY

EmilioG to antdude

Premium Member

to antdude
What was that site supposed to do, open the CD tray?
I went to that site with FREE CUP HOLDER and nothing happened. My IE6 Security settings are pretty tight, plus firewall.
LowWaterMark
Premium Member
join:2002-05-16
Wallingford, CT

LowWaterMark to antdude

Premium Member

to antdude
If I set the security for ActiveX and Scripting in IE's Internet Zone to all prompts, I actually get three prompts (from IE) that I have to allow for this to work. First the Active Scripting prompt, then an ActiveX control or plug-in prompt, and finally a prompt from "scripting of ActiveX controls"...

So, this isn't just a sign of the power of scripting, but also ActiveX, right? Scripting alone does not seem to have the ability to do this. Did it on anyone else's system without ActiveX?

Oh, the final pop-up was Tiny Trojan Trap (TTT), adding its rather significant level of protection.

markjclark
join:2000-08-11

markjclark

Member

Did a little digging it will leave ports 3514 wide open and sends out some data. Not to sure what just yet. I had to run out for a bit. So I will do some more looking after dinner.

Vampirefo
Premium Member
join:2000-12-11
Huntington, WV

Vampirefo

Premium Member

Click for full size
Um, you must be seeing things, that my packet sniffer can't see, This is the IP address of the site 12.220.105.77 No data is being sent and no ports are being left open.

markjclark
join:2000-08-11

markjclark

Member

As i said I think not sure But it does leave that port or may leave some other wide open.

seqrets
Premium Member
join:2001-05-03
Nederland, TX

seqrets to EmilioG

Premium Member

to EmilioG
Same here EmilioG! Click the link, prompt and nada!

XP Sp1, IE 6.

Edited for spelling

antdude
Matrix Ant
Premium Member
join:2001-03-25
US

antdude

Premium Member

It's gone now.

"due to abuse, this was taken down.... I can't afford the bandwith required to support half a million visitors in a few days. If you are interested in the cupholder code, search the web, its been posted. Thanks Chris"

Martinus
Premium Member
join:2001-08-06
EU

Martinus to LowWaterMark

Premium Member

to LowWaterMark

Re: Is this considered a security exploit with IE?

LowWater, what application is that IEXPLORE2.EXE ?

I know Iexplore.exe is MSIE, and that site had no downloadable items.

Cheers

Martin
LowWaterMark
Premium Member
join:2002-05-16
Wallingford, CT

LowWaterMark

Premium Member

said by Martinus:
LowWater, what application is that IEXPLORE2.EXE ?
It actually is a second copy of Internet Explorer. I have the normal version, under the default name and location for IE, heavily restricted on my machine. I have the rules in my firewall and TTT somewhat looser for this alternate version of IE, which is what I use to browse. (It's a variation on what some people do when they install security software to non-standard directories.)

Martinus
Premium Member
join:2001-08-06
EU

Martinus

Premium Member

Well, I must admit. That's smart.

How do you do that? Just make a copy of the executable iexplore.exe in the same dir?

Regards

Martin

TechyDad
Premium Member
join:2001-07-13
USA

TechyDad to Tuulilapsi

Premium Member

to Tuulilapsi
said by Tuulilapsi:
As far as I know, VBScript is not limited. This is a different issue from VBScript, but many don't realize ActiveX objects are fully functional executables that aren't limited: they can do pretty much anything, including accessing the files on your hard drive. Now Javascript should be very limited (as far as I know, again, I don't know the language too well) in what it can do.
[text was edited by author 2003-03-23 13:08:52]

Actually, VBScript is limited. When run from a webpage (as opposed to a WSH Script), it shouldn't be able to access your registry or local files. It's functionality is limited as much as JavaScript's is. (This is barring any security holes that give it more permissions than it should have, of course.)

You are correct about ActiveX though. It can do anything that a locally executed program can. It can read from or write to your registry. It can read, write, or delete files. It can even reboot your computer. (For example, the Gator ActiveX control, when loaded, will download and install Gator's regular app on your computer behind the scenes.)