Spyware Doctor
Spyware Doctor with AntiVirus
PC Tools AntiVirus
PC Tools Internet Security
PC Tools Firewall Plus
ThreatFire
Spam Monitor
Registry Mechanic
Desktop Maestro
File Recover
Privacy Guardian
Spyware Doctor Enterprise
Help me choose
Active Setup Control Vulnerability
A vulnerability exists that could allow a malicious user to embed an unsafe executable within an email and disguise it as a safe type of attachment. Through a complicated series of steps, the unsafe executable could be made to execute under certain conditions, if the user opened the attachment.
Issue
A particular ActiveX control allows cabinet files to be launched and executed. This could allow an HTML mail to contain a malicious cabinet file, disguised as a file of an innocuous type. If a user attempted to open this file, the operation would fail but could, depending on the mail package, leave a copy of the file in a known location. The ActiveX control could then be used via a script embedded in the mail to launch the copy, thereby executing the malicious code.
The vulnerability could only be exploited in cases where a mail reader were used that allowed scripts in HTML mail and stored temporary copies of launched programs in known locations. The patch restricts the ability of the control to launch unsigned cabinet files that have been downloaded from the local machine.
Affected Products
- The affected ActiveX control ships as part of Microsoft Internet Explorer 4 and 5
Download
Patch: http://www.microsoft.com/msdownload/iebuild/ascontrol/en/ascontrol.htm
Further Details
Source: Microsoft Corporation
Reference: Microsoft Corporation
Updated: November 11, 1999
>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<
