Mobile Code
ActiveX - Example Exploit
- One exploit that was demonstrated combined a signed ActiveX control with the Quicken financial management software. Quicken has access to bank account information and can electronically manage the money in these accounts. The data is encrypted, but pending requests reside in a queue, so the next time the application connects, it performs these operations.
- An ActiveX control was written that was silently downloaded, looked for Quicken, and inserted a pending transfer of money to the attacker's account into the queue.