[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-Disclosure] ADODB.Stream object
- To: "'Thor Larholm'" <lists.netsys.com@jscript.dk>, "'jelmer'" <jkuperus@planet.nl>, <full-disclosure@lists.netsys.com>
- Subject: RE: [Full-Disclosure] ADODB.Stream object
- From: "Richard M. Smith" <rms@computerbytesman.com>
- Date: Tue, 26 Aug 2003 12:46:41 -0400
Hi,
>>> HTML files, regardless of security zone, should not in
>>> themselves be allowed to write to the local file system or
>>> execute arbitrary commands. This is precisely
>>> the purpose of HTML Applications (HTA).
Agreed. However, I would go one step further. I don't think that the
typical user has a need for HTML Applications and Windows Scripting
Host. Both of these features along with their associated ActiveX
controls should be disabled by default in Windows XP. They make writing
malware too easy.
Richard
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html