Microsoft Information for VU#31994
MS ActiveMovieControl Object downloads arbitrary files
- Vendor Information Help Date Notified: 25 May 2000
- Statement Date:
- Date Updated: 15 Nov 2000
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Microsoft Security Bulletin MS00-046 says in several places that the attacker cannot "add, change, or delete files". Based on our understanding of the vulnerability, the attacker can add and possibly change (by overwriting) files.
If you have feedback, comments, or additional information about this vulnerability, please send us email.