[17497] in bugtraq
Re: Microsoft Security Bulletin (MS00-085)
daemon@ATHENA.MIT.EDU (Brett Glass)
Mon Nov 6 00:33:29 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Message-Id: <4.3.2.7.2.20001104143729.00e5f930@localhost>
Date: Sat, 4 Nov 2000 14:39:40 -0700
Reply-To: Brett Glass <brett@LARIAT.ORG>
From: Brett Glass <brett@LARIAT.ORG>
X-To: Microsoft Product Security <secnotif@MICROSOFT.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <C10F7F33B880B248BCC47DB4467388470CC74E@red-msg-07.redmond.corp.microsoft.com>
At 12:09 AM 11/3/2000, Microsoft Product Security wrote:
>Issue
>=====
>An ActiveX control that ships as part of Windows 2000 contains an
>unchecked buffer. If the control was called from a web page or HTML
>mail using a specially-malformed parameter, it would be possible to
>cause code to execute on the machine via a buffer overrun. This could
>potentially enable a malicious user to take any desired action on the
>user's machine, limited only by the permissions of the user.
Care to tell us which ActiveX control? The advisory does not
mention this -- not exactly what one would call full disclosure --
and therefore makes it impossible for administrators to disable
it and/or recognize attempted exploits.
--Brett Glass