
Web Components spell danger for Microsoft software

  • 23-08-2002 10:31pm
    #1


    Article found at PC Pro


    Friday 23rd August 2002
    Web Components spell danger for Microsoft software
    [PC Pro] 12:35

    Critical flaws emerge across Microsoft's product line through vulnerabilities in its Office Web Components technology.

    The flaws described in Security Bulletin MS02-044, Unsafe Functions in Office Web Components, are rated as 'critical' for client systems, but low or moderate for server systems. Potentially, attackers could execute commands on a user's machine and access files on their system.

    The Microsoft Office Web Components involve ActiveX controls to provide Office functionality through a browser, without requiring that the user install the full Microsoft Office application. However, it appears malicious Web sites or HTML mail may be able to take advantage of the controls.

    The 2000 and 2002 editions of Microsoft Office Web Components contain the vulnerabilities and the products that are affected - through their use of Web Components technology - include Office XP, Project 2002 and Money 2003.

    The full list comprises: BackOffice Server 2000, BizTalk Server 2000, BizTalk Server 2002, Commerce Server 2000, Commerce Server 2002, Internet Security and Acceleration Server 2000, Money 2002, Money 2003, Office 2000, Office XP, Project 2002, Project Server 2002 and Small Business Server 2000.

    Microsoft recommends that users of these products should install the appropriate patches immediately.

    In more detail, the vulnerabilities relate to the Host() function (by which an attacker could remotely execute commands), the LoadText() function (by which files could be read on the user's system) and the Copy()/Paste() functions (which could give access to the contents of the user's paste buffer).

    More information on the patches available can be read in the MS02-044 bulletin on Microsoft's TechNet Web site.

