Feature #267
Rex::Text.to_activex
| Status: | Closed | Start date: | ||
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: | HD Moore | % Done: | 0% |
|
| Category: | general | |||
| Target version: | Metasploit 3.4.0 | |||
| Resolution: | wontfix | How To Use: | ||
| Release Note: |
Description
It would be cool to be able to make an arbitrary payload into an activex control. Since it won't be signed or in the whitelist, users in a default configuration will have to explicitly click on the big warning bar to allow it, but some places set ActiveX to "enable" instead of "prompt" for "Intranet" and "Trusted Sites" zones, negating that protection.
History
Updated by HD Moore over 2 years ago
- Priority changed from High to Normal
Updated by James Lee over 1 year ago
- Status changed from New to Closed
- Resolution set to wontfix
This is probably never going to happen and would be of limited use these days anyway since there are so many restrictions on ActiveX.