[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <047301c33bd4$7ab91000$0200000a@JumperLappy>
From: thor at pivx.com (Thor Larholm)
Subject: CD-ROM drive opens
From: "Thor Larholm" <thor@...x.com>
> Windows Media Player exposes several objects and methods to scripting
> through a safe-for-scripting, signed ActiveX control. Among those objects
> are the CD drive objects, which each have an Eject method. This is
> documented functionality in WMP, if you want to you can easily push the
> drive in and out in a constant cycle.
>
> If you don't like the features then don't use the product :)
>
> I remember people asking questions about ejecting CD drives back in 2000,
> and remember putting up an example in early 2001 (
> http://jscript.dk/2001/3/cdrom.jpg ).
Though undocumented currently, I can now confirm that Microsoft has removed
this functionality through the recently released MS03-021 bulletin.
http://www.microsoft.com/technet/security/bulletin/MS03-021.asp
MS03-021 fixes a vulnerability found by jelmer, as well as removing the
ability to eject CD drives from webpages.
Regards
Thor Larholm
PivX Solutions, LLC - Senior Security Researcher
Powered by blists - more mailing lists