Bugtraq: Re: Microsoft Security Bulletin (MS00-085)

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Microsoft Security Bulletin (MS00-085)

From: Brett Glass <brett () LARIAT ORG>
Date: Sat, 4 Nov 2000 14:39:40 -0700

At 12:09 AM 11/3/2000, Microsoft Product Security wrote:

Issue
=====
An ActiveX control that ships as part of Windows 2000 contains an
unchecked buffer. If the control was called from a web page or HTML
mail using a specially-malformed parameter, it would be possible to
cause code to execute on the machine via a buffer overrun. This could
potentially enable a malicious user to take any desire action on the
user's machine, limited only by the permissions of the user.


Care to tell us which ActiveX control? The advisory does not
mention this -- not exactly what one would call full disclosure --
and therefore makes it impossible for administrators to disable
it and/or recognize attempted exploits.

--Brett Glass

By Date By Thread

Current thread:

Microsoft Security Bulletin (MS00-085) Microsoft Product Security (Nov 04)
- <Possible follow-ups>
- Re: Microsoft Security Bulletin (MS00-085) Brett Glass (Nov 06)