home  
exploit  
patch
test  
PopUpCop  

 

 

 

 

 

 

 

 

 

 

Executing arbitrary commands using ActiveX "codebase=" parameter

Working around the exploit Part 1a - exploitblock.exe

EdenSoft has written a small (60KB) program that allows you to work around this exploit.

The program changes the setting of Download signed ActiveX controls and Download unsigned ActiveX controls in the My Computer security zone from "Enable" to "Prompt". It also lets you change the settings back to "Enable".

After you change the settings to "Prompt", you will be prompted whether you want to "install and run" the program in question when a Web page attempts to use this exploit.

The program has been enhanced to allow you to change the registry bit that controls whether "My Computer" is visible on the Security page of the Internet Properties dialog.

Click here to download this utility (exploitblock.exe)


Working around the exploit Part 1b - Windows system registry settings

If you do not trust our program to change the settings for you, you can change the settings yourself. As with any change to the Windows system registry, you should apporoach this task with caution.

The settings in question are:

The key name is:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0

The value names are:

1001 - Download permission for signed ActiveX controls.
1004 - Download permission for unsigned ActiveX controls.

Each of these values is set by default to 0 (zero), which means "Enable".

Set each value to 1 (one) to have Internet Explorer prompt you before it attempts to "download" an ActiveX control from your computer.

Set each value to 3 (three) to prevent Internet Explorer from "downloading" an ActiveX control from your computer.


If you wish to make the "My Computer" Zone visible on the Security page of the Internet Properties dialog, you need to change this value:

Flags - Controls some options for this zone, including whether the zone is visible in the UI.

To show the zone, OR the existing value with 0x20 (set bit 5). To hide visible, subtract 0x20 from the existing value (clear bit 5).



Working around the exploit Part 2 - Test


Click here to load a page which uses the exploit to attempt to run notepad.

Brought to you as a public service by EdenSoft, the makers of PopUpCop, the Internet Irritation Inhibitor(tm)"

 
 
© Copyright 2001-2006 EdenSoft.     EdenSoft™ and PopUpCop™ are trademarks of EdenSoft.