Bugtraq mailing list archives
Re: Microsoft Security Bulletin (MS00-085)
From: Brett Glass <brett () LARIAT ORG>
Date: Sat, 4 Nov 2000 14:39:40 -0700
At 12:09 AM 11/3/2000, Microsoft Product Security wrote:
Issue
=====
An ActiveX control that ships as part of Windows 2000 contains an unchecked buffer. If the control was called from a web page or HTML mail using a specially-malformed parameter, it would be possible to cause code to execute on the machine via a buffer overrun. This could potentially enable a malicious user to take any desired action on the user's machine, limited only by the permissions of the user.
Care to tell us which ActiveX control? The advisory does not mention this -- not exactly what one would call full disclosure -- and therefore makes it impossible for administrators to disable it and/or recognize attempted exploits.

--Brett Glass