On Jan 14, 2008 9:23 PM, Richard Kaye <[EMAIL PROTECTED]> wrote: > (9) HIGH: Microsoft Visual FoxPro Multiple ActiveX Controls Remote Command > Execution > Affected: > Microsoft Visual FoxPro version 6 and prior > > Description: Microsoft Visual FoxPro is an integrated development > environment for the FoxPro database language. Several ActiveX controls > installed by the application contain arbitrary command execution > vulnerabilities. These controls provide methods explicitly designed to > execute commands upon request, and do not verify the caller. A malicious > web page that instantiated one of these controls could exploit one of > these vulnerabilities to execute arbitrary code with the privileges of > the current user. Multiple proofs-of-concept are publicly available for > these vulnerabilities. Note that these vulnerabilities may be related > to issues discussed in previous editions of @RISK.
Solution: use Firefox. No ActiveX :-) -- Paul _______________________________________________ Post Messages to: [email protected] Subscription Maintenance: http://leafe.com/mailman/listinfo/profox OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/[EMAIL PROTECTED] ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
