Taskpads Scripting Vulnerability
A vulnerability exists in the Taskpads feature which could allow a malicious web site operator to run executables on the computer of a visiting user.
Issue
Taskpads is a feature provided by several Microsoft Windows Resource Kit products. It is part of the Resource Kits' Tools Management Console Snap-in, and allows users to view and run Resource Kit Tools via an HTML page rather than through the standard Large Icon, Small Icon, List, and Detailed Views. A vulnerability exists because certain methods provided by Taskpads are incorrectly marked as "safe for scripting" and can be misused by a web site operator to invoke executables on a visiting user's workstation without their knowledge or permission.
The affected products are, by default, not installed on Windows 95, Windows 98 or Windows NT®. The Windows 98 Resource Kit and Resource Kit Sampler can only be installed on Windows 98. The BackOffice Resource Kit can be installed on Windows 95, Windows 98 or Windows NT, but is most commonly installed on Windows NT servers, which, per recommended security practices, usually will not be used for web surfing.
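To check which controls on a machine carry the "safe for scripting" marking described above, the following added example (not part of the original advisory or Microsoft's patch) audits an exported registry file. It assumes the marking is made through the Safe for Scripting component category and that Internet Explorer's kill bit is the blocking flag; the CLSIDs in the sample are constructed placeholders, and controls that declare safety only through IObjectSafety will not appear.

```python
import re

# Component category that marks a COM/ActiveX control "safe for scripting".
CATID_SAFE_FOR_SCRIPTING = "{7DD95801-9882-11CF-9FA9-00AA006C14A4}"
KILL_BIT = 0x400  # "Compatibility Flags" bit that stops IE from loading a control

# Constructed sample .reg export; the CLSIDs are placeholders, not real controls.
SAMPLE_REG = r"""
[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-0000000000A1}]

[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-0000000000A1}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C14A4}]

[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-0000000000B2}]

[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-0000000000B2}\Implemented Categories\{7dd95801-9882-11cf-9fa9-00aa006c14a4}]

[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-0000000000C3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-0000000000B2}]
"Compatibility Flags"=dword:00000400
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
GUID = r"(\{[0-9A-Fa-f-]{36}\})"
SAFE_RE = re.compile(r"\\CLSID\\" + GUID + r"\\Implemented Categories\\" + GUID + "$", re.I)
COMPAT_RE = re.compile(r"\\ActiveX Compatibility\\" + GUID + "$", re.I)
FLAGS_RE = re.compile(r'^"Compatibility Flags"=dword:([0-9a-fA-F]{8})$', re.I)

def audit(reg_text):
    """Return sorted CLSIDs marked safe for scripting that have no kill bit set."""
    safe, killed, current = set(), set(), None
    for line in map(str.strip, reg_text.splitlines()):
        key = KEY_RE.match(line)
        if key:
            path = key.group(1)
            m = SAFE_RE.search(path)
            if m and m.group(2).upper() == CATID_SAFE_FOR_SCRIPTING:
                safe.add(m.group(1).upper())
            c = COMPAT_RE.search(path)
            current = c.group(1).upper() if c else None  # key whose values follow
            continue
        flags = FLAGS_RE.match(line)
        if flags and current and int(flags.group(1), 16) & KILL_BIT:
            killed.add(current)
    return sorted(safe - killed)

if __name__ == "__main__":
    for clsid in audit(SAMPLE_REG):
        print("scriptable from web content, no kill bit:", clsid)
```

Each CLSID reported is a control that web page script is allowed to drive, so every entry should be traced to a product that is still needed and fully patched.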
Affected Products
- Windows 98 and BackOffice Resource Kit
Solution
Users should download the appropriate patch to protect their computers. The patches can be found at:
- Windows 98 Resource Kit
ftp://ftp.microsoft.com/reskit/win98/taskpads/tmcpatch.exe
- Microsoft BackOffice
Intel version:
ftp://ftp.microsoft.com/reskit/nt4/x86/taskpads/itmcpatch.exe
Alpha version:
ftp://ftp.microsoft.com/reskit/nt4/alpha/taskpads/atmcpatch.exe
Further Details
Source: Microsoft Corporation
Reference: Microsoft Corporation
Updated: February 22, 1999


