Bugtraq mailing list archives
Re: Vulnerability Report For Microsoft Windows NT 4.0 MSTask.exe code error
From: VR <violentrain () HOTMAIL COM>
Date: Sat, 16 Dec 2000 12:16:41 -0600
I somewhat apologize for the HTML formatting for those of you using a text-based editor. Right or Wrong, I love the formatting. Check out the Microsoft DLL help database at http://support.microsoft.com/servicedesks/fileversion/dllinfo.asp. A query for mstask.exe results in the following: File Name Version More Information Description mstask.exe 4.71.2137.1 More Information Task Scheduler Engine mstask.exe 4.71.2113.1 More Information Task Scheduler Engine mstask.exe 4.71.1964.1 More Information Task Scheduler Engine mstask.exe 4.71.1960.1 More Information Task Scheduler Engine mstask.exe 4.71.1959.1 More Information Task Scheduler Engine A query for mstask.dll... File Name Version More Information Description mstask.dll 4.71.2137.1 More Information Task Scheduler interface DLL mstask.dll 4.71.2113.1 More Information Task Scheduler interface DLL mstask.dll 4.71.1964.1 More Information Task Scheduler interface DLL mstask.dll 4.71.1960.1 More Information Task Scheduler interface DLL mstask.dll 4.71.1955.1 More Information Task Scheduler interface DLL The drill-down is very interesting if you'd like to know exactly which products were RTM'd with that particular mstask.exe/dll ver. http://support.microsoft.com/support/kb/articles/Q260/3/39.ASP desribed a bugfix included in IE5.5 SP1 which results in a new release of mstask.dll: 5/31/2000 6:41PM 4.71.1965.1 234,832 Mstant.dll I think the file name is mispelled. I believe it should be mstask.dll. This fix only applies to the following: Microsoft Internet Explorer versions 5.01, 5.01 Service Pack 1, 5.5 for Windows NT 4.0 Something else to note is the two different versioning paths - one for Win2k and one for everything else that has Task Scheduler. Name: mstask.dll Description: Task Scheduler interface DLL Version: 4.71.1964.1 DLLSelfRegister: No PRODUCTS CONTAINING THIS VERSION: PRODUCT SIZE MOD DATE CAB/IEXPRESS RELATIVE PATH Commerce Server 2000 245,824 3/27/2000 ts95.cab \support\ie Commerce Server 2000 234,320 3/27/2000 tsnt.cab \support\ie Internet Explorer 5.5 245,824 3/27/2000 ts95.cab Internet Explorer 5.5 234,320 3/27/2000 tsnt.cab Windows Millenium Edition 258,048 6/8/2000 win_13.cab \win9x Name: mstask.dll Description: Task Scheduler interface DLL Version: 4.71.2137.1 DLLSelfRegister: No PRODUCTS CONTAINING THIS VERSION: PRODUCT SIZE MOD DATE CAB/IEXPRESS RELATIVE PATH Windows 2000 BETA RC3 218,384 11/14/1999 Windows 2000 Professional 218,384 12/2/1999 \i386 Windows 2000 Server 218,384 12/2/1999 \i386 It is important to note that schedule.exe (on NT4) will be upgraded to Task Scheduler when the Offline Browsing Pack is installed during IE5.x setup. The same will happen with IE4.x if you download the Task Scheduler component. You can avoid the upgrade by choosing not to install the Offline Browsing Pack (NT4 only). However, you will not be able to synchronize web pages for offline reading. http://support.microsoft.com/support/kb/articles/Q174/8/28.ASP (Describes components available in IE4) To cover all bases, yes Task Scheduler is used for more than just scheduled web synchronizations. The Microsoft Critical Update Notification, PCHealth, Tune-Up, etc. automatically schedule themselves too. Win98 and newer will automatically use Task Scheduler for these things. Cheers, VR ----- Original Message ----- From: "Dan Carleton" <dan () FIPOINT COM> To: <BUGTRAQ () SECURITYFOCUS COM> Sent: Friday, December 15, 2000 8:57 AM Subject: Re: [BUGTRAQ] Vulnerability Report For Microsoft Windows NT 4.0 MSTask.exe code error
Win 98 DOES have a task scheduler, MSTask.exe, although I don't know if it has the same vulnerability as NT. from TechNet:
http://www.microsoft.com/TechNet/win98/reskit/part5/wrkc23.asp
"The Scheduled Task Wizard is automatically installed when you install Windows 98. The executable file, Mstask.exe, is located in your \Windows \System folder." -----Original Message----- From: Bugtraq List [mailto:BUGTRAQ () SECURITYFOCUS COM]On Behalf Of Andrew Church Sent: Wednesday, December 13, 2000 11:31 PM To: BUGTRAQ () SECURITYFOCUS COM Subject: Re: Vulnerability Report For Microsoft Windows NT 4.0 MSTask.exe code errorWindows 95/98 not vulnerable, because they has no MSTask.exe
Current thread:
- Re: Vulnerability Report For Microsoft Windows NT 4.0 MSTask.exe code error Andrew Church (Dec 15)
- Re: Vulnerability Report For Microsoft Windows NT 4.0 MSTask.exe code error Geoffroy RIVAT (Dec 16)
- Re: Vulnerability Report For Microsoft Windows NT 4.0 MSTask.exe code error Dan Carleton (Dec 16)
- Re: Vulnerability Report For Microsoft Windows NT 4.0 MSTask.exe code error Wade, Philip (Dec 18)
- Re: Vulnerability Report For Microsoft Windows NT 4.0 MSTask.exe code error VR (Dec 18)