Subject: Re: Microsoft Security Bulletin (MS00-085)
From: Brett Glass (brett LARIAT.ORG)
Date: Sat Nov 04 2000 - 15:39:40 CST
At 12:09 AM 11/3/2000, Microsoft Product Security wrote:
>Issue
>=====
>An ActiveX control that ships as part of Windows 2000 contains an
>unchecked buffer. If the control was called from a web page or HTML
>mail using a specially-malformed parameter, it would be possible to
>cause code to execute on the machine via a buffer overrun. This could
>potentially enable a malicious user to take any desired action on the
>user's machine, limited only by the permissions of the user.
Care to tell us which ActiveX control? The advisory does not
mention this -- not exactly what one would call full disclosure --
and therefore makes it impossible for administrators to disable
it and/or recognize attempted exploits.
--Brett Glass