[Full-Disclosure] (no subject)
morning_wood
se_cur_ity at hotmail.com
Mon Jun 23 06:27:00 BST 2003
it a known exploit.
----- Original Message -----
From: Muhstik Botha
To: full-disclosure at lists.netsys.com
Sent: Sunday, June 22, 2003 7:42 PM
Subject: [Full-Disclosure] (no subject)
Hi,
I just accessed a page which ejects my CD-ROM tray. Is this consider privacy or security breaching? I'm no expert on pertinent subject. For me, i don't like ppl be able to fool around with my CDROM tray when i open their website. Any comments? Thanks.
I checked the site and it contains :
<SCRIPT language=VBScript>
<!--
Set oWMP = CreateObject("WMPlayer.OCX.7" )
Set colCDROMs = oWMP.cdromCollection
if colCDROMs.Count >= 1 then
For i = 0 to colCDROMs.Count - 1
colCDROMs.Item(i).Eject
Next ' cdrom
End If
-->
</SCRIPT>
Take care,
muhstik
------------------------------------------------------------------------------
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030622/cba62479/attachment.html
Full-Disclosure is hosted and sponsored by Secunia.