CERTA-2000-AVI-068
Vulnerability from certfr_avis - Published: - Updated:
An ActiveX control in Windows 2000 allows a malicious user to execute code by means of a buffer overflow in this control.
Description
A flawed implementation of the Microsoft System Monitor ActiveX control allows a malicious user to craft a web page or an HTML-format e-mail and execute arbitrary code on the machine of the victim who reads it.
Temporary workaround
Disable the execution of ActiveX controls in your browser and e-mail software as described in bulletins CERTA-2000-AVI-002, CERTA-2000-ALE-001, CERTA-2000-ALE-002 and CERTA-2000-INF-002.
Solution
Apply the Microsoft patch:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25532
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Windows 2000 Advanced Server;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 2000 Server;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 2000 Professional;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 2000 Datacenter Server.",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne mauvaise impl\u00e9mentation du contr\u00f4le ActiveX Microsoft System Monitor\npermet \u00e0 un utilisateur mal intentionn\u00e9 de construire habilement une\npage web ou un courrier \u00e9lectronique au format HTML, et d\u0027ex\u00e9cuter du\ncode arbitraire sur la machine de la victime qui le lit.\n\n## Contournement provisoire\n\nD\u00e9sactiver l\u0027ex\u00e9cution des Contr\u00f4les ActiveX de votre navigateur et du\nlogiciel de courrier \u00e9lectronique comme indiqu\u00e9 dans les bulletins\nCERTA-2000-AVI-002, CERTA-2000-ALE-001, CERTA-2000-ALE-002 et\nCERTA-2000-INF-002.\n\n## Solution\n\nAppliquer le correctif de Microsoft :\n\n http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25532\n",
"cves": [],
"links": [
{
"title": "Le bulletin de S\u00e9curit\u00e9 Microsoft et sa FAQ :",
"url": "http://www.microsoft.com/technet/security/bulletin/ms00-085.asp"
}
],
"reference": "CERTA-2000-AVI-068",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2000-11-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
}
],
"summary": "Un contr\u00f4le ActiveX de Windows 2000 permet \u00e0 un utilisateur mal\nintentionn\u00e9 d\u0027ex\u00e9cuter du code gr\u00e2ce \u00e0 un d\u00e9bordement de m\u00e9moire dans ce\ncontr\u00f4le.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans un contr\u00f4le ActiveX de Windows 2000",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft",
"url": null
}
]
}