Vulnerability Note VU#28370
Taskpads ActiveX Control incorrectly marked safe-for-scripting
The taskpads ActiveX control included with some resource kit products circa February 1999 was incorrectly marked safe-for-scripting.
The taskpads ActiveX control included with the Microsoft Windows 98 resource kit, the Microsoft Windows 98 resource kit sampler, and the Back Office resource kit was incorrectly marked safe-for-scripting. For more information, see
Intruders can execute arbitrary commands on a target system with the privileges of the victim.
Apply a patch as described in the bulletin.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft||Affected||-||23 May 2002|
CVSS Metrics (Learn More)
Our thanks to Microsoft for the information contained in their advisory , upon which this document is based. Adrian O'Neill discovered the problem.
This document was written by Shawn V Hernan.
- CVE IDs: CVE-1999-0379
- Date Public: 22 Feb 99
- Date First Published: 23 May 2002
- Date Last Updated: 23 May 2002
- Severity Metric: 8.44
- Document Revision: 5
If you have feedback, comments, or additional information about this vulnerability, please send us email.