lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: thor at pivx.com (Thor Larholm) Subject: CD-ROM drive opens From: "Thor Larholm" <thor@...x.com> > Windows Media Player exposes several objects and methods to scripting > through a safe-for-scripting, signed ActiveX control. Among those objects > are the CD drive objects, which each have an Eject method. This is > documented functionality in WMP, if you want to you can easily push the > drive in and out in a constant cycle. > > If you don't like the features then don't use the product :) > > I remember people asking questions about ejecting CD drives back in 2000, > and remember putting up an example in early 2001 ( > http://jscript.dk/2001/3/cdrom.jpg ). Though undocumented currently, I can now confirm that Microsoft has removed this functionality through the recently released MS03-021 bulletin. http://www.microsoft.com/technet/security/bulletin/MS03-021.asp MS03-021 fixes a vulnerability found by jelmer, as well as removing the ability to eject CD drives from webpages. Regards Thor Larholm PivX Solutions, LLC - Senior Security Researcher
Powered by blists - more mailing lists