Assuming that this would apply to non-malicious ActiveX controls, I can not
reproduce this condition with IE 5 on Windows NT. I have set the ActiveX
setting to "Prompt.." and went to http://www.microsoft.com/mscorp/. The
first time, I selected "Yes", and the virtual tour picture activated. I
closed IE5, went back to the page, selected no, and it did NOT run. Even
going back to the page, I was still prompted, and could not get the control
to run again without selecting yes. Perhaps this is a unique case, or a
caching issue.
Adam
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Si hoc legere scis nimium eruditionis habes.
----- Original Message -----
From: Sami Kuhmonen <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, August 01, 1999 2:21 PM
Subject: IE5 ActiveX security bug
> There is a severe bug in Internet Explorer 5's security system concerning
> ActiveX components on web pages.
>
> If you go to a web page that has an evil ActiveX component (for example,
> the component shuts down Windows) and tell IE to run the component, of
> course it runs it. After that you know that you do not want to run that
> component. But what happens when you go to that page later? IE5 asks
> whether you want to run this component or not. Say no, and it still runs
> it!
>
> So all it takes is one little mistake to run the component and it will be
> run every time you go to a page with that component.
>
> And think what will happen, if the component doesn't do its damage the
> first time, but the second time or later. Even if you don't want to run
> it, it will be run. And it might not even be shown on the screen.
>
> --
> Sami Kuhmonen | [EMAIL PROTECTED] | http://feenix.iqs.fi/
> iQs Partners Finland | [EMAIL PROTECTED] | http://www.iqs.fi/
> !!Webhotellit ilman avausmaksua!! | http://www.saitti.net/
> * Tutustu verkkokauppaan! | http://kauppa.iqs.fi/ *