Re: Active X exploit.

Paul Leach (paulle@MICROSOFT.COM)
Wed, 27 Aug 1997 12:16:06 -0700

> ----------
> From: alan@lxorguk.ukuu.org.uk[SMTP:alan@lxorguk.ukuu.org.uk]
> Sent: Wednesday, August 27, 1997 1:25 PM
> To: Paul Leach
> Cc: BUGTRAQ@NETSPACE.ORG
> Subject: Re: Active X exploit.
>
> > That's more secure than what I buy at the store.
>
> When sir, was the last time you walked into a store and every time you
> looked at a package it automatically installed itself and ran ?
>
The actual answer: the last time I bought a CD-ROM based package. Take a
look at "autorun.inf" on a CD-ROM.

ActiveX controls from a software vendor only automatically run if you
have previously stated that you are willing to automatically run any
signed code from that software vendor.

Paul