[18137] in bugtraq
Re: Vulnerability Report For Microsoft Windows NT 4.0 MSTask.exe
daemon@ATHENA.MIT.EDU (VR)
Mon Dec 18 19:16:06 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <OE18IkyPzGNsokLQ8aZ0000015c@hotmail.com>
Date: Sat, 16 Dec 2000 12:16:41 -0600
Reply-To: VR <violentrain@HOTMAIL.COM>
From: VR <violentrain@HOTMAIL.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
I somewhat apologize for the HTML formatting for those of you using a
text-based editor. Right or Wrong, I love the formatting.
Check out the Microsoft DLL help database at
http://support.microsoft.com/servicedesks/fileversion/dllinfo.asp.
A query for mstask.exe results in the following:
File Name Version More Information Description
mstask.exe 4.71.2137.1 More Information Task Scheduler
Engine
mstask.exe 4.71.2113.1 More Information Task Scheduler
Engine
mstask.exe 4.71.1964.1 More Information Task Scheduler
Engine
mstask.exe 4.71.1960.1 More Information Task Scheduler
Engine
mstask.exe 4.71.1959.1 More Information Task Scheduler
Engine
A query for mstask.dll...
File Name Version More Information Description
mstask.dll 4.71.2137.1 More Information Task Scheduler
interface DLL
mstask.dll 4.71.2113.1 More Information Task Scheduler
interface DLL
mstask.dll 4.71.1964.1 More Information Task Scheduler
interface DLL
mstask.dll 4.71.1960.1 More Information Task Scheduler
interface DLL
mstask.dll 4.71.1955.1 More Information Task Scheduler
interface DLL
The drill-down is very interesting if you'd like to know exactly which
products were RTM'd with that particular mstask.exe/dll ver.
http://support.microsoft.com/support/kb/articles/Q260/3/39.ASP desribed a
bugfix included in IE5.5 SP1 which results in a new release of mstask.dll:
5/31/2000 6:41PM 4.71.1965.1 234,832 Mstant.dll
I think the file name is mispelled. I believe it should be mstask.dll.
This fix only applies to the following:
Microsoft Internet Explorer versions 5.01, 5.01 Service Pack 1, 5.5 for
Windows NT 4.0
Something else to note is the two different versioning paths - one for Win2k
and one for everything else that has Task Scheduler.
Name: mstask.dll
Description: Task Scheduler interface DLL
Version: 4.71.1964.1
DLLSelfRegister: No
PRODUCTS CONTAINING THIS VERSION:
PRODUCT SIZE MOD DATE CAB/IEXPRESS RELATIVE PATH
Commerce Server 2000 245,824 3/27/2000 ts95.cab
\support\ie
Commerce Server 2000 234,320 3/27/2000 tsnt.cab
\support\ie
Internet Explorer 5.5 245,824 3/27/2000 ts95.cab
Internet Explorer 5.5 234,320 3/27/2000 tsnt.cab
Windows Millenium Edition 258,048 6/8/2000 win_13.cab
\win9x
Name: mstask.dll
Description: Task Scheduler interface DLL
Version: 4.71.2137.1
DLLSelfRegister: No
PRODUCTS CONTAINING THIS VERSION:
PRODUCT SIZE MOD DATE CAB/IEXPRESS RELATIVE PATH
Windows 2000 BETA RC3 218,384 11/14/1999
Windows 2000 Professional 218,384 12/2/1999 \i386
Windows 2000 Server 218,384 12/2/1999 \i386
It is important to note that schedule.exe (on NT4) will be upgraded to Task
Scheduler when the Offline Browsing Pack is installed during IE5.x setup.
The same will happen with IE4.x if you download the Task Scheduler
component. You can avoid the upgrade by choosing not to install the Offline
Browsing Pack (NT4 only). However, you will not be able to synchronize web
pages for offline reading.
http://support.microsoft.com/support/kb/articles/Q174/8/28.ASP (Describes
components available in IE4)
To cover all bases, yes Task Scheduler is used for more than just scheduled
web synchronizations. The Microsoft Critical Update Notification, PCHealth,
Tune-Up, etc. automatically schedule themselves too. Win98 and newer will
automatically use Task Scheduler for these things.
Cheers, VR
----- Original Message -----
From: "Dan Carleton" <dan@FIPOINT.COM>
To: <BUGTRAQ@SECURITYFOCUS.COM>
Sent: Friday, December 15, 2000 8:57 AM
Subject: Re: [BUGTRAQ] Vulnerability Report For Microsoft Windows NT 4.0
MSTask.exe code error
> Win 98 DOES have a task scheduler, MSTask.exe, although I don't know if it
> has the same vulnerability as NT.
>
> from TechNet:
http://www.microsoft.com/TechNet/win98/reskit/part5/wrkc23.asp
>
> "The Scheduled Task Wizard is automatically installed when you install
> Windows 98. The executable file, Mstask.exe, is located in your \Windows
> \System folder."
>
> -----Original Message-----
> From: Bugtraq List [mailto:BUGTRAQ@SECURITYFOCUS.COM]On Behalf Of Andrew
> Church
> Sent: Wednesday, December 13, 2000 11:31 PM
> To: BUGTRAQ@SECURITYFOCUS.COM
> Subject: Re: Vulnerability Report For Microsoft Windows NT 4.0
> MSTask.exe code error
>
> >>Windows 95/98 not vulnerable, because they has no MSTask.exe
>
