|
|
Posted by Rob McAninch on 01/21/06 07:34
Andy Dingley <dingbat@codesmiths.com> wrote in
<news:atm2t15p4dp9ec3ekn2672cq9hsvrmv82f@4ax.com> :
> On Fri, 20 Jan 2006 14:38:34 -0600, Rob McAninch
> <rob_13@excite.com> wrote:
>
>>Not to mention, that an HTA is essentially open source
>>software.
>
> Except that it isn't. It's "open source" parameters to a
> control that you have no more knowledge of than an opaque
> executable.
Well from what I can see an HTA is a HTML page with the extension
changed to .hta, then it gets rendered in an IE shell and *may*
have some additional privelges a web application wouldn't have.
Any HTA specific bits that I see only dictate how the HTA looks
and acts, there are no commands in the traditional sense. All the
commands occur in the plain text files where they can be
examined. Unless a compiled executable gets integrated with the
HTA, in which case, as stated, the HTA is like any other
downloaded executable and it will execute with the priveleges of
the current user.
I haven't picked apart the entire CBD but I don't see anything
that isn't plain text.
--
Rob McAninch
http://rock13.com
Navigation:
[Reply to this message]
|