Application Execution Vulnerability in Microsoft Visual FoxPro 6.0

A vulnerability exists in Visual FoxPro 6.0 that can result in an attacker gaining control over the vulnerable system.

Ken Pfeil

September 5, 2002

1 Min Read
ITPro Today logo in a gray background | ITPro Today

Reported September 4, 2002, byMicrosoft.

VERSION AFFECTED

 

·        Microsoft Visual FoxPro 6.0

 

DESCRIPTION

 

A vulnerability exists in VisualFoxPro 6.0 that can result in an attacker gaining control over the vulnerablesystem. This vulnerability stems from a problem of Visual FoxPro's installationwhere the application doesn't register itself with Microsoft Internet Explorer(IE). As a result, an attacker can use a Web page or HTML email to launch anapplication on the vulnerable system.

 

VENDOR RESPONSE

 

Thevendor, Microsoft, has released SecurityBulletin MS02-049(Flaw Could Enable Web Page to Launch Visual FoxPro 6.0 Application WithoutWarning) to address this vulnerability, and recommends that affected users applythe patchmentioned in the bulletin.

 

CREDIT

Discoveredby Cristobal Bielza and Juan Carlos G. Cuartango from InstitutoSeguridad Internet.

Read more about:

Microsoft
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like