Shasta Console Operations February 2010 Tony Caleb

Embed Size (px)


Introduction MSIE ADODB.Stream Object Installation Weakness is the BROWSER EXPLOIT, that allows the hackers to attack a system through browser, install it’s activex controls and takes over the victims system. This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening. - SYMANTEC provides a method for reading and writing files on a hard drive. This by-design functionality is sometimes used by web applications. However, when combined with known security vulnerabilities in Microsoft Internet Explorer, it could allow an internet web site to execute script from the Local Machine Zone (LMZ). This occurs because the ADODB.Stream object allows access to the hard drive when hosted within Internet Explorer. - MICROSOFT This weakness depends on scripting that abuses the ADODB.Stream Object to write an attacker- specified file to the victim file system. – SECURITY FOCUS