Erik Funkenbusch wrote:
On Thu, 25 Oct 2007 15:13:41 +0100, Roy Schestowitz wrote:
'Innovating' ways of excluding competition from the Web (ActiveX).
This is such a red herring. None of these problems are related to ActiveX itself. It's flaws in the plug-ins ..
Mozilla doesn't run ActiveX controls .. and in a link from the Reg
article ..
"ActiveX File Overwrite/Delete Vulnerabilities"
"These vulnerabilities exist particularly because of a registered
ActiveX control failing to restrict which domains may load the control
for execution"
"A user will not be required to authorize the object instantiation since
the object is within a signed ActiveX control"
"A typical exploitation scenario would require an attacker to convince a
targeted user to visit a malicious Web site"
http://www.symantec.com/enterprise/security_response/weblog/2007/10/activex_file_overwritedelete_v.html
--
fuddie will now redefine the meaning of: control, restrict, authorize
and run ...
|
