From: "Thor Larholm" <[EMAIL PROTECTED]> > Windows Media Player exposes several objects and methods to scripting > through a safe-for-scripting, signed ActiveX control. Among those objects > are the CD drive objects, which each have an Eject method. This is > documented functionality in WMP, if you want to you can easily push the > drive in and out in a constant cycle. > > If you don't like the features then don't use the product :) > > I remember people asking questions about ejecting CD drives back in 2000, > and remember putting up an example in early 2001 ( > http://jscript.dk/2001/3/cdrom.jpg ).
Though undocumented currently, I can now confirm that Microsoft has removed this functionality through the recently released MS03-021 bulletin. http://www.microsoft.com/technet/security/bulletin/MS03-021.asp MS03-021 fixes a vulnerability found by jelmer, as well as removing the ability to eject CD drives from webpages. Regards Thor Larholm PivX Solutions, LLC - Senior Security Researcher _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
