lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3FAC2750.6090504@spywareinfo.com>
Date: Fri, 07 Nov 2003 18:14:24 -0500
From: Mike Healan <mike@...wareinfo.com>
To: Kurt Seifried <bt@...fried.org>
Cc: bugtraq@...urityfocus.com, NTBugtraq@...TSERV.NTBUGTRAQ.COM
Subject: Re: POS#1 Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part
 III


Kurt Seifried wrote:

 > If anyone knows a tool for finding out the CLSID of an ActiveX object I
 > would love to know it.

Sorry if this isn't what you're asking. I'm not sure I understood what 
you meant.

HijackThis will enumerate the CLSID associated with any activex control 
found in the Downloaded Program Files folder
http://www.spywareinfo.com/~merijn/files/hijackthis.zip

Example:
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - 
http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - 
http://a840.g.akamai.net/7/840/537/2003031901/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {78960E0E-0B0C-11D4-8997-00104BD12D94} (AV Class) - 
http://www.pcpitstop.com/antivirus/PCPAV.CAB
O16 - DPF: {79B96C72-C0D0-4DC8-BC7E-9F314A918228} - 
http://imgfarm.com/images/nocache/myspeedbar/myinitialsetup1.0.0.3.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - 
http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - 
http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37875.0377662037
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime 
Environment 1.4.1_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime 
Environment 1.4.1_02) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash 
Object) - 
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F798683C-FE05-436C-B0FF-35B9122E9787} - 
http://www.m-w.com/tools/toolbar/cabs/m-w.cab
O16 - DPF: {F8F88D0D-E455-11D6-B547-00400555C7FB} (DiskHealth2 Class) - 
http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB



-- 
Mike Healan
http://www.spywareinfo.com



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ