Try this experiment: Click on the simple test created by greymagic.com. If a calculator pops up, you have a problem: your computer is configured to allow web sites to run programs on your machine … without using Active X, which is usually the culprit for such security holes.
If the calculator didn't pop up, you can congratulate yourself, you're probably running Unix, a Mac, using Firefox, or all at once. If you're just using Firefox on a windows machine, you might want to open up IE and try it again, just to be safe.
If you want to understand the problem a bit better there's a sort of explanation at DSO Exploit – Executing programs without Scripting or ActiveX.
If you are (justifiably) nervous about running a self-described exploit on your machine, and thus don't want to click the link above, you can download and run Spybot, which will tell you if you have the vulnerability (and check for many others as well).
How do you fix the problem? That's a little complicated as it may require you edit your registry settings (I'm unclear if Spybot actually fixes the problem or not). Instructions on doing this can be found at the link to DSO Exploit – Executing programs without Scripting or ActiveX.
Netscape handled it with no problem. With IE, Norton Antivirus stepped in. Even Windows can sometimes work if you put lots of bandaids on it.
I have no mac, no unix, no firefox, still didn’t pop up the calculator with IE. Do I still get to congratulate myself? God knows I’ll take what I can get in that department.
Michael,
I write about Windows and Windows security for a living. This particular security advisory was from February 2002. It has long since been corrected. Any Windows user who is up to date with security patches – a procedure that is required with ALL operating systems, including the Mac OS and all variants of Linux – is protected from this.
It’s also one of the least problematic security issues I know. An attacker who successfully exploited this issue on an unpatched machine could not plant a program on your computer or execute a program from another location. He could only run an existing program on your PC, and then only if he knows the exact location of that program on your PC. It was an interesting proof of concept but it required a lot more work before it could be used for a hostile action.
On March 28, 2002, Microsoft published Security Bulletin MS02-015, which publicly addressed the problem:
http://www.microsoft.com/technet/security/…n/MS02-015.mspx
A fix was included in Internet Explorer Security Update, March 28, 2002:
http://www.microsoft.com/windows/ie/downlo…182/default.asp
This fix is included in Windows XP with Service Pack 1 or later.
Best regards,
Ed Bott
Author
Windows XP Inside Out
Windows Security Inside Out
Pingback: Ed Bott - Windows (and Office) Expertise
Pingback: Ed Bott - Windows (and Office) Expertise
Apologies… The link in my earlier comment was truncated. The full link to the Microsoft Security Bulletin is here:
http://www.microsoft.com/technet/security/bulletin/MS02-015.mspx
Ed – Thank you for the correction (why does blogging remind me of the old USENET line that “the fastest way to get correct information is to post mis-information”?).
Assuming you are right, that means there’s an error in Spybot, as I have win xp fully patched running on this machine and it not only says I have the problem, it says it even after I tweaked the registry….
It is indeed an error in Spybot S&D. I discuss this error in a new post at my blog.
http://www.edbott.com/weblog/archives/000262.html
Ed
Pingback: Ed Bott - Windows (and Office) Expertise
Great (sarcasm)–I clicked and McCaffee popped up and said there’s a trojan virus in the file. Now it’s scanning my entire computer. Has this happened to anyone else? I think you should dump this link.
That’s not a virus. It’s a demonstration file that ACTS like a security exploit (which ccould be used to spread a virus but in this case is only opening a demonstration file). Your AV software has no way of knowing that the link you clicked is benign and has no hostile payload, so it does the sensible thing and tries to block it.
If that’s all you did, you have nothing to worry about.
Iunderstand. Unfortunately when Norton caught it, it sent an email message to the IS security folks, and now they’ve written a trouble ticket to “get rid of the virus I downloaded.”
—–