Get exclusive CAP network offers from top brands

View CAP Offers

Reply To: affiliate drones

[bsa_pro_ad_space id=2]
#680212
Anonymous
Inactive

Same thing 888 does if I had more time I would look into it. I working on my site all week I promised. greek39

Which person are we talking about here?

Anyway the newest wave of viruses the latest and the worst one i have seen in years is the one Jeff from Wager profits got. Here’s the facts

Vulnerability Note VU#356600
Microsoft Internet Explorer DHTML Editing ActiveX control contains a cross-domain vulnerability
Overview
A cross-domain vulnerability exists in the DHTML Editing ActiveX control. An attacker may be able to execute arbitrary script in the Local Machine Zone or read or modify data in other domains. For example, the attacker could execute arbitrary commands with parameters, download and execute arbitrary code, read cookies, spoof content, or modify form behavior.
I. Description
The Cross-Domain Security Model
IE uses a cross-domain security model to maintain separation between browser frames from different sources. This model is designed to prevent code in one domain from accessing data in a different domain. The Internet Security Manager Object determines which zone or domain a URL exists in and what actions can be performed. From Microsoft Security Bulletin MS03-048:

One of the principal security functions of a browser is to ensure that browser windows that are under the control of different Web sites cannot interfere with each other or access each other’s data, while allowing windows from the same site to interact with each other. To differentiate between cooperative and uncooperative browser windows, the concept of a “domain” has been created. A domain is a security boundary – any open windows within the same domain can interact with each other, but windows from different domains cannot. The cross-domain security model is the part of the security architecture that keeps windows from different domains from interfering with each other.
The DHTML Editing Control

The DHTML Editing Control is a wrapper for the MSHTML editor. It is an ActiveX control that provides the ability to perform text and HTML editing functions. The control is marked “safe for scripting,” which means that the DHTML Editing Control could be called from Internet Explorer. The LoadURL method, which is traditionally used to open web page content in the DHTML Editing Control, will only open documents in the same domain as the host page. When used with a certain combination of script commands, the DHTML Editing Control can open the content of an arbitrary web page in any domain, regardless of the domain of the host page.

The Problem

The DHTML Editing Control is vulnerable to a cross-domain violation. When the DHTML Editing Control opens the content from a website, it appears to operate within the security context of that website. While the DHTML Editing Control has the security context of the opened site, the DHTML Editing Control is under full control of the page that hosts it. Working indirectly through the DHTML Editing Control, a website in one domain has the ability to access information in another domain or zone.
II. Impact
By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message), an attacker may be able to execute script in the Local Machine Zone. Script that executes in the Local Machine Zone can be used to download and execute arbitrary code. An attacker may obtain full access to web content in another domain, which may reside in a different security zone. The impact is similar to that of a cross-site scripting vulnerability. This includes the ability to spoof or modify web content, access website information such as cookies, or retrieve data from an encrypted HTTPS connection. For a more detailed description of the impact of cross-site scripting vulnerabilities, please see CERT Advisory CA-2000-02.
III. Solution
Install an update
Install the update referenced in MS05-013. With this update, the cross-domain security model is enforced with the DHTML Editing Control

In a sense it could be viewed as a virus.

When I cruise the net I always disable my active scripting. This person your are referring to I believe is a scumbag and has no place on this forum. He’s been here for a while and his dirty tricks are now exposed. He’s many things scraper, black hatter and a fuckin no head. This guy pissed me off beyond my tolerances. Fuckin Idiot,its his fuckin deed!!! :Pisser: