Information Security News mailing list archives
Microsoft oops!
From: ". o O ( Chris )" <home.750.my () CHRISB NILDRAM CO UK>
Date: Sat, 13 May 2000 08:25:17 +0100
http://www.microsoft.com/technet/security/bulletin/fq00-034.asp Office 2000 ships with an ActiveX control that is incorrectly marked as "safe for scripting". Because of the incorrect marking, a malicious web site operator could use the control to take inappropriate actions on the machine of a visiting user. The control ships only with Office 2000, so customers using previous versions do not need to take any action. The vulnerability exists because an ActiveX control, the Office 2000 UA Control, is incorrectly marked as "safe for scripting". It exposes fairly powerful functionality that is inappropriate for use by web sites. ISN is sponsored by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Microsoft oops! . o O ( Chris ) (May 13)