Vulnerability Note VU#28370
Taskpads ActiveX Control incorrectly marked safe-for-scripting
The taskpads ActiveX control included with some resource kit products circa February 1999 was incorrectly marked safe-for-scripting.
The taskpads ActiveX control included with the Microsoft Windows 98 resource kit, the Microsoft Windows 98 resource kit sampler, and the Back Office resource kit was incorrectly marked safe-for-scripting. For more information, see
The Class ID for this control is D306C3B7-2AD5-11D1-9E9A-00805F200005. This software is not installed by default on any system.
Intruders can execute arbitrary commands on a target system with the privileges of the victim.
Apply a patch as described in the bulletin.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft||Affected||-||23 May 2002|
CVSS Metrics (Learn More)
Our thanks to Microsoft for the information contained in their advisory, upon which this document is based. Adrian O'Neill discovered the problem.
This document was written by Shawn V Hernan.
- CVE IDs: CVE-1999-0379
- Date Public: 22 Feb 99
- Date First Published: 23 May 2002
- Date Last Updated: 23 May 2002
- Severity Metric: 8.44
- Document Revision: 5
If you have feedback, comments, or additional information about this vulnerability, please send us email.