Re: Could this virus exploit end up embedded ...
by "Nasser Dassi" <nd264(at)is9.nyu.edu>
|
| Date: |
Sun, 7 May 2000 21:26:38 -0400 |
| To: |
"HWG-Languages" <hwg-languages(at)hwg.org> |
| References: |
net |
| |
todo: View
Thread,
Original
|
|
Yes. VERY easily (if you are familiar with visual basic scripting).
Browsers affected? All that support client-side scripting, ActiveX
controls, and any type of script that has anything to do with accessing a
user's computer (this includes JavaScript and cookies... believe it or
not... also one needs to be an 'expert' to make it function correctly).
The likelihood of being embedded? Not on reputable sites... but on
personal websites designed by students or novices (no offense anyone), I
would be careful.
Again, software at risk... anything that executes scripts: Web browsers,
OSes... everything is always at risk, so I wouldn't expect better answers
for this question.
Turned off other way? NOPE! :o)
Yours,
Nasser Dassi
----- Original Message -----
From: KathyW <kathyw(at)home.albury.net.au>
To: <hwg-languages(at)hwg.org>
Sent: Sunday, May 07, 2000 8:25 PM
Subject: Could this virus exploit end up embedded ...
> ... in a web page?
>
> Being one who has avoided m$ proprietary formats for a looooong time, I
don't
> know enough about how they work/can be used to say yay or nay but could
this
> recent vbx (or is it vbs - I hear conflicting reports) script end up
embedded in
> web pages, and if so, would it only affect browsers that supported vbx/s
(IE and
> it's 'clones')?
>
> Javascript is heavilly sand-boxed, as is java (my two preferred
technologies).
> If vbx/s could be so exploited/exploitable, how has this situation been
allowed
> to develop? Every time a new javascript or java exploit is found it gets
jumped
> on and plugged up big time.
>
> Anyway, what I'd really like to know is
> a) does the risk exist that the latest round of exploits are
possible/likely to
> end up embedded in web pages and if so
> b) who or what software is at risk and
> c) can this type of scripting be turned off without disabling javascript
as
> well in those browsers?
>
> KathyW.
>
> Red Hat Linux 6.1 (kernel 2.2.14)
> Sun JDK1.2.2
> PolarBarMailer16b (beta/alpha ... what the heck, I like it ;-)
>
HWG: hwg-languages mailing list archives,
maintained by Webmasters @ IWA