

Executable file infector in JavaScript - adulau
http://alive-green.blogspot.com/2014/03/js-javascript.html

======
ricardobeat

        new ActiveXObject(...)
    

ActiveX has been disabled by default since IE7. Victims of an attack like this
are kind of asking for it (Windows + IE + allowing ActiveX).

------
im3w1l

        var objStream = new ActiveXObject("ADODB.Stream");

Does this count as pure JS?

~~~
josteink
If you run Internet Explorer I guess it does.

~~~
methou
Shouldn't that require the user's consent to run "ActiveXObject"s?

~~~
maxerickson
In theory. That particular object was, I think, disabled in a fix that went
out over Windows Update:

[http://support.microsoft.com/kb/870669](http://support.microsoft.com/kb/870669)

But I guess it might be enabled on lots of business desktops where the
functionality was in use prior to that.

------
pearjuice
Some clarification would be nice.

~~~
sorokod
The page clearly states that: "Думаю, комментарий излишен :)"

(I think that a commentary is not needed)

