Application Execution Vulnerability in Microsoft Visual FoxPro 6.0
A vulnerability exists in Visual FoxPro 6.0 that can result in an attacker gaining control over the vulnerable system.
September 5, 2002
Reported September 4, 2002, byMicrosoft.
VERSION AFFECTED
· Microsoft Visual FoxPro 6.0
DESCRIPTION
A vulnerability exists in VisualFoxPro 6.0 that can result in an attacker gaining control over the vulnerablesystem. This vulnerability stems from a problem of Visual FoxPro's installationwhere the application doesn't register itself with Microsoft Internet Explorer(IE). As a result, an attacker can use a Web page or HTML email to launch anapplication on the vulnerable system.
VENDOR RESPONSE
Thevendor, Microsoft, has released SecurityBulletin MS02-049(Flaw Could Enable Web Page to Launch Visual FoxPro 6.0 Application WithoutWarning) to address this vulnerability, and recommends that affected users applythe patchmentioned in the bulletin.
CREDIT
Discoveredby Cristobal Bielza and Juan Carlos G. Cuartango from InstitutoSeguridad Internet.
Read more about:
MicrosoftAbout the Author
You May Also Like