Nessus Plugin #12298
Plugin Index
Note: This file has been created from a
downloaded version of the Nessus Plugins
from
http://www.nessus.org/.
Therefore, the information here can be outdated.
ADODB.Stream object from Internet Explorer (KB870669)
- Family:
- Windows : Microsoft Bulletins
- Category:
- infos
- Copyright:
- This script is Copyright (C) 2004 Noam Rathaus
- Summary:
- Checks for KB870669
- Version:
- $Revision: 1.6 $
- Cve_id:
- -
- Bugtraq_id:
- 10514
- Xrefs:
- -
- Description:
An ADO stream object represents a file in memory. The stream object contains
several methods for reading and writing binary files and text files.
When this by-design functionality is combined with known security
vulnerabilities in Microsoft Internet Explorer, an Internet Web site could
execute script from the Local Machine zone.
This behavior occurs because the ADODB.Stream object permits
access to the hard disk when the ADODB.Stream object is hosted
in Internet Explorer.
Solution : http://support.microsoft.com/?kbid=870669
Risk factor : High
Generiert am 27.04.2005 um 18:49:54 Uhr.