[<prev] [next>] [day] [month] [year] [list]
Message-ID: <008e01c452eb$dca9bc40$e000a8c0@martijnmycom>
Date: Tue, 15 Jun 2004 17:17:24 +0200
From: "Martijn Brinkers" <m.brinkers@...ox.com>
To: <bugtraq@...urityfocus.com>
Subject: ActiveX control download and redirection
Hi,
I have been playing around with ActiveX controls and I noticed that IE shows
the complete URL even though the download has been redirected. From a user
perspective its a bit unclear where the actual ActiveX control is downloaded
from.
example can be found on (a self signed ActiveX control will be downloaded):
http://www.brinkers.cistron.nl/RedirectYahoo.htm
It contains the following <OBJECT> tag.
<OBJECT
classid="clsid:6A9F9438-754D-4D6A-932C-9C28405634F6"
codebase="http://rds.yahoo.com/*http://www.brinkers.cistron.nl/RedirectTestP
roj1.cab#version=1,0,0,0"
>
IE now shows a dialog ( http://www.brinkers.cistron.nl/activex.jpg )
indicating the ActiveX control comes from:
http://rds.yahoo.com/*http://www.brinkers.cistron.nl/RedirectTestProj1.cab
but it is actually downloaded from http://www.brinkers.cistron.nl
Its probably the correct behavior (by design) but I think it can be misused
in some ways?
Any comments?
Martijn Brinkers
m.brinkers@...ox.com
Powered by blists - more mailing lists