Overview
The taskpads ActiveX control included with some resource kit products circa February 1999 was incorrectly marked safe-for-scripting.
Description
The taskpads ActiveX control included with the Microsoft Windows 98 resource kit, the Microsoft Windows 98 resource kit sampler, and the Back Office resource kit was incorrectly marked safe-for-scripting. For more information, see http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS99-007.asp |
Impact
Intruders can execute arbitrary commands on a target system with the privileges of the victim. |
Solution
Apply a patch as described in the bulletin. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
Our thanks to Microsoft for the information contained in their advisory, upon which this document is based. Adrian O'Neill discovered the problem.
This document was written by Shawn V Hernan.
Other Information
| CVE IDs: | CVE-1999-0379 |
| Severity Metric: | 8.44 |
| Date Public: | 1999-02-22 |
| Date First Published: | 2002-05-23 |
| Date Last Updated: | 2002-05-23 18:21 UTC |
| Document Revision: | 5 |