Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Microsoft oops!

From: ". o O ( Chris )" <home.750.my () CHRISB NILDRAM CO UK>
Date: Sat, 13 May 2000 08:25:17 +0100
http://www.microsoft.com/technet/security/bulletin/fq00-034.asp



Office 2000 ships with an ActiveX control that is incorrectly marked as
"safe for scripting".  Because of the incorrect marking, a malicious web
site operator could use the control to take inappropriate actions on the
machine of a visiting user. The control ships only with Office
2000, so customers using previous versions do not need to take any
action.

The vulnerability exists because an ActiveX control, the Office 2000 UA
Control, is incorrectly marked as "safe for scripting". It exposes
fairly powerful functionality that is inappropriate for use by web
sites.

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".
Previous By Date Next
Previous By Thread Next

Current thread: