ActiveX control download and redirection
- To: <bugtraq@xxxxxxxxxxxxxxxxx>
- Subject: ActiveX control download and redirection
- From: "Martijn Brinkers" <m.brinkers@xxxxxxxxx>
- Date: Tue, 15 Jun 2004 17:17:24 +0200
Hi,
I have been playing around with ActiveX controls and I noticed that IE shows
the complete URL even though the download has been redirected. From a user
perspective it's a bit unclear where the actual ActiveX control is downloaded
from.
An example can be found at (a self-signed ActiveX control will be downloaded):
http://www.brinkers.cistron.nl/RedirectYahoo.htm
It contains the following <OBJECT> tag.
<OBJECT
classid="clsid:6A9F9438-754D-4D6A-932C-9C28405634F6"
codebase="http://rds.yahoo.com/*http://www.brinkers.cistron.nl/RedirectTestProj1.cab#version=1,0,0,0"
>
IE now shows a dialog ( http://www.brinkers.cistron.nl/activex.jpg )
indicating the ActiveX control comes from:
http://rds.yahoo.com/*http://www.brinkers.cistron.nl/RedirectTestProj1.cab
but it is actually downloaded from http://www.brinkers.cistron.nl
It's probably the correct behavior (by design) but I think it can be misused
in some ways?
Any comments?
Martijn Brinkers
m.brinkers@xxxxxxxxx
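
Added example, not part of the original post: a Python check that scans a page for <OBJECT> tags whose codebase URL embeds a second absolute URL on a different host, which is the pattern that makes the dialog name one host while the file comes from another. The function and class names are hypothetical, the second sample tag is constructed, and the check is a heuristic that assumes the outer host really does redirect to the embedded URL.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# An absolute http(s) URL appearing inside the path or query of another URL.
EMBEDDED_URL = re.compile(r"https?://[^\s\"'<>#]+", re.IGNORECASE)

def check_codebase(codebase):
    """Return (shown_host, fetch_host, fetch_url) when the codebase URL embeds a
    second URL on a different host, else None."""
    url = "".join(codebase.split())          # undo line wrapping inside the attribute
    parts = urlsplit(url)
    shown_host = (parts.hostname or "").lower()
    tail = parts.path + ("?" + parts.query if parts.query else "")
    tail = unquote(unquote(tail))            # catch single and double percent-encoding
    match = EMBEDDED_URL.search(tail)
    if not match:
        return None
    fetch_url = match.group(0)
    fetch_host = (urlsplit(fetch_url).hostname or "").lower()
    if fetch_host and fetch_host != shown_host:
        return (shown_host, fetch_host, fetch_url)
    return None

class CodebaseAuditor(HTMLParser):
    """Collects findings for every <OBJECT codebase=...> in a page."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):   # HTMLParser lowercases tag/attr names
        codebase = dict(attrs).get("codebase") if tag == "object" else None
        finding = check_codebase(codebase) if codebase else None
        if finding:
            self.findings.append(finding)

def audit_html(html):
    auditor = CodebaseAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Sample input: the tag from the post plus one constructed direct-download tag.
SAMPLE_HTML = """<OBJECT classid="clsid:6A9F9438-754D-4D6A-932C-9C28405634F6"
 codebase="http://rds.yahoo.com/*http://www.brinkers.cistron.nl/RedirectTestProj1.cab#version=1,0,0,0">
</OBJECT>
<OBJECT codebase="http://www.example.com/control.cab#version=1,0,0,0"></OBJECT>"""

if __name__ == "__main__":
    for shown, fetched, url in audit_html(SAMPLE_HTML):
        print(f"dialog shows {shown}, file comes from {fetched}: {url}")
```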