CERTA-2000-AVI-068
Vulnerability from certfr_avis
An ActiveX control in Windows 2000 allows a malicious user to execute code through a buffer overflow in this control.
Description
A flawed implementation of the Microsoft System Monitor ActiveX control allows a malicious user to craft a web page or an HTML-format e-mail that executes arbitrary code on the machine of the victim who reads it.
Temporary workaround
Disable the execution of ActiveX controls in your browser and e-mail software, as described in bulletins CERTA-2000-AVI-002, CERTA-2000-ALE-001, CERTA-2000-ALE-002 and CERTA-2000-INF-002.
Solution
Apply the Microsoft patch:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25532
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Windows 2000 Advanced Server;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 2000 Server;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 2000 Professional;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 2000 Datacenter Server.",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne mauvaise impl\u00e9mentation du contr\u00f4le ActiveX Microsoft System Monitor\npermet \u00e0 un utilisateur mal intentionn\u00e9 de construire habilement une\npage web ou un courrier \u00e9lectronique au format HTML, et d\u0027ex\u00e9cuter du\ncode arbitraire sur la machine de la victime qui le lit.\n\n## Contournement provisoire\n\nD\u00e9sactiver l\u0027ex\u00e9cution des Contr\u00f4les ActiveX de votre navigateur et du\nlogiciel de courrier \u00e9lectronique comme indiqu\u00e9 dans les bulletins\nCERTA-2000-AVI-002, CERTA-2000-ALE-001, CERTA-2000-ALE-002 et\nCERTA-2000-INF-002.\n\n## Solution\n\nAppliquer le correctif de Microsoft :\n\n http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25532\n",
"cves": [],
"initial_release_date": "2000-11-03T00:00:00",
"last_revision_date": "2000-11-03T00:00:00",
"links": [
{
"title": "Le bulletin de S\u00e9curit\u00e9 Microsoft et sa FAQ :",
"url": "http://www.microsoft.com/technet/security/bulletin/ms00-085.asp"
}
],
"reference": "CERTA-2000-AVI-068",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2000-11-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
}
],
"summary": "Un contr\u00f4le ActiveX de Windows 2000 permet \u00e0 un utilisateur mal\nintentionn\u00e9 d\u0027ex\u00e9cuter du code gr\u00e2ce \u00e0 un d\u00e9bordement de m\u00e9moire dans ce\ncontr\u00f4le.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans un contr\u00f4le ActiveX de Windows 2000",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft",
"url": null
}
]
}