|
|
|
 |
Vulnerability Note VU#539001Microsoft Visual FoxPro fails to properly evaluate filenames before launching applicationOverviewThere is a vulnerability in Microsoft Visual FoxPro 6.0 that allows remote attackers to execute Visual FoxPro applications with the privileges of the victim user.I. DescriptionMicrosoft Visual FoxPro 6.0 contains an unspecified vulnerability that allows remote attackers to execute arbitrary Visual FoxPro applications on a victim's computer. The attacker's code would run with the privileges of the victim user. Successful exploitation of this vulnerability requires the presence of either Visual FoxPro 6.0 or its runtime components.II. ImpactThis vulnerability allows remote attackers to run malicious Visual FoxPro applications on affected systems.III. SolutionApply a patchMicrosoft has published Microsoft Security Bulletin MS02-049 to address this issue. For more information, please see Systems Affected
Referenceshttp://www.microsoft.com/technet/security/bulletin/MS02-049.asp
This document is based upon information provided by Microsoft. This document was written by Jeffrey P. Lanza.
If you have feedback, comments, or additional information about this vulnerability, please send us
email. |
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||