lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <047301c33bd4$7ab91000$0200000a@JumperLappy>
From: thor at pivx.com (Thor Larholm)
Subject: CD-ROM drive opens

From: "Thor Larholm" <thor@...x.com>
> Windows Media Player exposes several objects and methods to scripting
> through a safe-for-scripting, signed ActiveX control. Among those objects
> are the CD drive objects, which each have an Eject method. This is
> documented functionality in WMP, if you want to you can easily push the
> drive in and out in a constant cycle.
>
> If you don't like the features then don't use the product :)
>
> I remember people asking questions about ejecting CD drives back in 2000,
> and remember putting up an example in early 2001 (
> http://jscript.dk/2001/3/cdrom.jpg ).

Though undocumented currently, I can now confirm that Microsoft has removed
this functionality through the recently released MS03-021 bulletin.

http://www.microsoft.com/technet/security/bulletin/MS03-021.asp

MS03-021 fixes a vulnerability found by jelmer, as well as removing the
ability to eject CD drives from webpages.



Regards
Thor Larholm
PivX Solutions, LLC - Senior Security Researcher


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ