> hhctrl.ocx is not installed by default in all SP1s but is on all SP2. > Therefore when the exploit page tries to create the object he cannot > find it so it tries to install it. On SP2 it exists by default therefore > created silently.
i replied to this because of this statement by the O.P.. "Any system running any Microsoft Windows XP edition with Internet Explorer 6 or higher, even with SP2 applied." this suggests that all XP are affected by default, including sp2. cheers, m.w p.s. I have noticed that the final pre-release of SP2 is much better ( in my experience ) performance and security wise. ( and it retains raw sockets ). In SP2rc2, IE6 popup blocker stopped the PoC at default settings. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
