
Shon Harris, Allen Harper, Chris Eagle, and Jonathan Ness

"Gray Hat Hacking, Second Edition"

TableDef.36
{00000104-0000-0010-8000-00AA006D2EA4} - DAO.Field.36
{00000105-0000-0010-8000-00AA006D2EA4} - DAO.Index.36
{00000106-0000-0010-8000-00AA006D2EA4} - DAO.Group.36
{00000107-0000-0010-8000-00AA006D2EA4} - DAO.User.36
{00000108-0000-0010-8000-00AA006D2EA4} - DAO.QueryDef.36
{00000109-0000-0010-8000-00AA006D2EA4} - DAO.Relation.36
You could instantiate each clsid on this list looking for javaprxy.dll-type crashes.
Microsoft has already gone through this exercise for each COM object that ships with Windows,
but you might find a gem from a less-careful third party. But first let's take a look at the
list of COM objects that have set IObjectSafety to True notifying Windows that they are safe
to be loaded in IE. Here's the first entry from the safe list on my Vista machine:
> ADODB.Connection
{00000514-0000-0010-8000-00AA006D2EA4}
IObjectSafety:
IO. Safe for initialization set successfully
IPersist:GetInterfaceSafetyOptions Supported=3, Enabled=2
IO. Safe for scripting (IDispatchEx) set successfully
IDispatchEx:GetInterfaceSafetyOptions Supported=3, Enabled=3
_Connection:
Properties* Properties() propget
BSTR ConnectionString() propget
void ConnectionString(BSTR) propput
long CommandTimeout() propget
void CommandTimeout(long) propput
long ConnectionTimeout() propget
void ConnectionTimeout(long) propput
BSTR Version() propget
void Close()
_Recordset* Execute(BSTR, VARIANT*, long)
long BeginTrans()
void CommitTrans()
void RollbackTrans()
void Open(BSTR, BSTR, BSTR, long)
Errors* Errors() propget
BSTR DefaultDatabase() propget
void DefaultDatabase(BSTR) propput
IsolationLevelEnum IsolationLevel() propget
void IsolationLevel(IsolationLevelEnum) propput
long Attributes() propget
void Attributes(long) propput
CursorLocationEnum CursorLocation() propget
void CursorLocation(CursorLocationEnum) propput
ConnectModeEnum Mode() propget
void Mode(ConnectModeEnum) propput
BSTR Provider() propget
void Provider(BSTR) propput
long State() propget
_Recordset* OpenSchema(SchemaEnum, VARIANT, VARIANT)
void Cancel()
Scanning down the list of methods, nothing jumps out as immediately dangerous, like
the "CreateObject" call we saw on WMIScriptUtils.
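
The listing above has a regular shape, so a saved report can be reviewed mechanically when inventorying which controls declare themselves safe for IE. The Python below is an added example, not code from the book or from the enumeration tool: it parses that text format, decodes each Enabled value using the INTERFACESAFE_FOR_UNTRUSTED_CALLER (1) and INTERFACESAFE_FOR_UNTRUSTED_DATA (2) bits, and flags member names on a watch list. The function names, the watch list, and the second sample entry are assumptions made for illustration.

```python
import re

# INTERFACESAFE_FOR_UNTRUSTED_CALLER / _DATA bit values from objsafe.h
FLAGS = {0x1: "untrusted_caller", 0x2: "untrusted_data"}  # scripting / initialization
# Constructed sample: first entry abridged from the listing above, second one invented.
SAMPLE = """\
> ADODB.Connection
{00000514-0000-0010-8000-00AA006D2EA4}
IPersist:GetInterfaceSafetyOptions Supported=3, Enabled=2
IO. Safe for scripting (IDispatchEx) set successfully
IDispatchEx:GetInterfaceSafetyOptions Supported=3, Enabled=3
_Connection:
BSTR ConnectionString() propget
_Recordset* Execute(BSTR, VARIANT*, long)
void Open(BSTR, BSTR, BSTR, long)
> Example.Constructed
{00000000-0000-0000-0000-000000000000}
IDispatchEx:GetInterfaceSafetyOptions Supported=3, Enabled=3
_Example:
IDispatch* CreateObject(BSTR)
"""
SAFETY = re.compile(r"(\w+):GetInterfaceSafetyOptions Supported=(\d+), Enabled=(\d+)")
MEMBER = re.compile(r"^.+?\s+(\w+)\((.*?)\)(?:\s+prop(get|put))?$")

def parse_report(text):
    """Split a report into entries: ProgID, CLSID, enabled safety flags, member names."""
    entries, cur = [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("> "):              # "> ProgID" opens a new entry
            cur = {"progid": line[2:], "clsid": None, "safety": {}, "members": []}
            entries.append(cur)
        elif cur is None:
            continue                           # ignore anything before the first entry
        elif re.fullmatch(r"\{[0-9A-Fa-f-]{36}\}", line):
            cur["clsid"] = line
        elif m := SAFETY.match(line):          # decode the Enabled bitmask per interface
            cur["safety"][m[1]] = [n for bit, n in FLAGS.items() if int(m[3]) & bit]
        elif m := MEMBER.match(line):          # "ReturnType Name(args) [propget|propput]"
            cur["members"].append(m[1])
    return entries

def flag_members(entry, watch=("CreateObject",)):
    """Return member names on the watch list (hypothetical list; extend it for a review)."""
    wanted = {w.lower() for w in watch}
    return sorted({n for n in entry["members"] if n.lower() in wanted})

if __name__ == "__main__":
    for e in parse_report(SAMPLE):
        print(e["progid"], e["clsid"], e["safety"], flag_members(e))
```

With the default watch list, the ADODB.Connection entry produces no flags, matching the reading of its method list above.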

