|
 |
|
Microsoft Windows May Allow Installation of Arbitrary ActiveX Controls
|
|
|
|
|
Secunia Advisory:
|
SA10010
|
|
|
Release Date:
|
2003-10-15
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| OS: | Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows NT 4.0 Server
Microsoft Windows NT 4.0 Server, Terminal Server Edition
Microsoft Windows NT 4.0 Workstation
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional
|
|
| | CVE reference: | CVE-2003-0660 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
Microsoft has issued patches to fix a vulnerability in Microsoft Windows (Internet Explorer) allowing malicious HTML documents like web pages or emails to install arbitrary ActiveX controls.
The problem is that Microsoft Windows fails to present the user with an approval dialog under certain low memory conditions. When this occurs ActiveX controls will be installed silently. Malicious HTML documents may be able to cause low memory conditions.
This vulnerability can't be exploited on Microsoft Windows 2003 if Internet Explorer runs in Enhanced Security Configuration.
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, using the Network Software Inspector.
Solution:
Microsoft has issued patches:
The patches are available from WindowsUpdate or from:
Microsoft Windows NT Workstation 4.0, Service Pack 6a
http://www.microsoft.com/downloads/de...-BB57-6B81B57C21B6&displaylang=en
Microsoft Windows NT Server 4.0, Service Pack 6a
http://www.microsoft.com/downloads/de...-A8E4-BDC59A98BDF2&displaylang=en
Microsoft Windows NT Server 4.0, Terminal Server Edition, Service Pack 6
http://www.microsoft.com/downloads/de...-BBD7-1817F2944890&displaylang=en
Microsoft Windows 2000, Service Pack 2
http://www.microsoft.com/downloads/de...-8D98-23183D7EE17D&displaylang=en
Microsoft Windows 2000, Service Pack 3, Service Pack 4
http://www.microsoft.com/downloads/de...-B85A-E98E574338F1&displaylang=en
Microsoft Windows XP Gold, Service Pack 1
http://www.microsoft.com/downloads/de...-9BA7-055E93E87847&displaylang=en
Microsoft Windows XP 64-bit Edition
http://www.microsoft.com/downloads/de...-B428-D76C4B669151&displaylang=en
Microsoft Windows XP 64-bit Edition Version 2003
http://www.microsoft.com/downloads/de...-9C08-5C9FCB905E11&displaylang=en
Microsoft Windows Server 2003
http://www.microsoft.com/downloads/de...-8EAA-D58814635E0D&displaylang=en
Microsoft Windows Server 2003 64-bit Edition
http://www.microsoft.com/downloads/de...-9C08-5C9FCB905E11&displaylang=en
Original Advisory:
Vulnerability in Authenticode Verification Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/bulletin/MS03-041.asp
Other References:
http://support.microsoft.com/default.aspx?kbid=823182
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
275 Related Secunia Security Advisories, displaying 10
|
|
|
1. Microsoft Windows Event System Privilege Escalation Vulnerabilities
|
|
2. Microsoft Windows Color Management System Buffer Overflow
|
|
3. Microsoft SQL Server and MSDE Multiple Vulnerabilities
|
|
4. Microsoft Windows DNS Spoofing Vulnerabilities
|
|
5. Microsoft Windows Pragmatic General Multicast Denial of Service
|
|
6. Microsoft Windows Active Directory LDAP Request Processing Denial of Service
|
|
7. Microsoft Windows WINS Privilege Escalation Vulnerability
|
|
8. Microsoft DirectX MJPEG/SAMI File Processing Vulnerabilities
|
|
9. Microsoft Windows Speech Recognition Security Issue
|
|
10. Apple Safari on Windows Code Execution Vulnerability
|
Show all related advisories
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
