Nessus Plugin #11886
Plugin Index
Note: This file has been created from a
downloaded version of the Nessus Plugins
from
http://www.nessus.org/.
Therefore, the information here can be outdated.
Vulnerability in Authenticode Verification Could Allow Remote Code Execution (823182)
- Family:
- Windows : Microsoft Bulletins
- Category:
- infos
- Copyright:
- This script is Copyright (C) 2003 Jeff Adams
- Summary:
- Checks for hotfix Q823182
- Version:
- $Revision: 1.9 $
- Cve_id:
- CAN-2003-0660
- Bugtraq_id:
- 8830
- Xrefs:
- IAVA:2003-B-0006
- Description:
There is a vulnerability in Authenticode that, under certain low memory
conditions, could allow an ActiveX control to download and install without
presenting the user with an approval dialog. To exploit this vulnerability,
an attacker could host a malicious Web Site designed to exploit this
vulnerability. If an attacker then persuaded a user to visit that site an
ActiveX control could be installed and executed on the user's system.
Alternatively, an attacker could create a specially formed HTML e-mail and i
send it to the user.
Exploiting the vulnerability would grant the attacker with the same privileges
as the user.
Solution : see http://www.microsoft.com/technet/security/bulletin/ms03-041.mspx
Risk factor : High
Generiert am 27.04.2005 um 18:49:54 Uhr.