|
|
|
|
Microsoft Windows May Allow Installation of Arbitrary ActiveX Controls
|
|
Secunia Advisory:
|
SA10010
|
|
|
Release Date:
|
2003-10-15
|
|
Popularity:
|
15,322 views
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| OS: | Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows NT 4.0 Server
Microsoft Windows NT 4.0 Server, Terminal Server Edition
Microsoft Windows NT 4.0 Workstation
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
| | CVE reference: | CVE-2003-0660
|
|
Description:
Microsoft has issued patches to fix a vulnerability in Microsoft Windows (Internet Explorer) allowing malicious HTML documents like web pages or emails to install arbitrary ActiveX controls.
The problem is that Microsoft Windows fails to present the user with an approval dialog under certain low memory conditions. When this occurs ActiveX controls will be installed silently. Malicious HTML documents may be able to cause low memory conditions.
This vulnerability can't be exploited on Microsoft Windows 2003 if Internet Explorer runs in Enhanced Security Configuration.
Solution:
Microsoft has issued patches:
The patches are available from WindowsUpdate or from:
Microsoft Windows NT Workstation 4.0, Service Pack 6a
http://www.microsoft.com/downloads/de...-BB57-6B81B57C21B6&displaylang=en
Microsoft Windows NT Server 4.0, Service Pack 6a
http://www.microsoft.com/downloads/de...-A8E4-BDC59A98BDF2&displaylang=en
Microsoft Windows NT Server 4.0, Terminal Server Edition, Service Pack 6
http://www.microsoft.com/downloads/de...-BBD7-1817F2944890&displaylang=en
Microsoft Windows 2000, Service Pack 2
http://www.microsoft.com/downloads/de...-8D98-23183D7EE17D&displaylang=en
Microsoft Windows 2000, Service Pack 3, Service Pack 4
http://www.microsoft.com/downloads/de...-B85A-E98E574338F1&displaylang=en
Microsoft Windows XP Gold, Service Pack 1
http://www.microsoft.com/downloads/de...-9BA7-055E93E87847&displaylang=en
Microsoft Windows XP 64-bit Edition
http://www.microsoft.com/downloads/de...-B428-D76C4B669151&displaylang=en
Microsoft Windows XP 64-bit Edition Version 2003
http://www.microsoft.com/downloads/de...-9C08-5C9FCB905E11&displaylang=en
Microsoft Windows Server 2003
http://www.microsoft.com/downloads/de...-8EAA-D58814635E0D&displaylang=en
Microsoft Windows Server 2003 64-bit Edition
http://www.microsoft.com/downloads/de...-9C08-5C9FCB905E11&displaylang=en
Original Advisory:
Vulnerability in Authenticode Verification Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/bulletin/MS03-041.asp
Other References:
http://support.microsoft.com/default.aspx?kbid=823182
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
10th Oct, 2008
|
New advisories:
|
15 |
|
New vulnerabilities:
|
83 |
|
Updated advisories:
|
41 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
 Solutions | More...
|
|
|
|
Send Feedback to Secunia
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
|
