Subject: ms activex setup ctl exploit.
From: Mukund (muks HD2.VSNL.NET.IN)
Date: Wed Mar 01 2000 - 09:43:47 CST
hi. this is my first posting to bugtraq.
a complete description of the microsoft active setup control's
unsigned cab file execution vulnerability and exploit is published
on securityfocus. you may want to check this out.
this is a sad vulnerability. one can actually transfer an EXE file
to the other side and get it executed without the user's knowledge.
http://www.securityfocus.com/data/vulnerabilities/exploits/775.html
an alternate address is:
http://www.crosswinds.net/~muks/
SHORT MESSAGE: if you use outlook express,
download the patches for the above off microsoft's
site and install them. or turn off all activex controls in your
security settings of outlook express. better yet, change your
mail client.
this exploit is published at
http://www.securityfocus.com/bid/775/
cheers!
mukund