The taskpads ActiveX control included with some resource kit products circa February 1999 was incorrectly marked safe-for-scripting.
The taskpads ActiveX control included with the Microsoft Windows 98 resource kit, the Microsoft Windows 98 resource kit sampler, and the Back Office resource kit was incorrectly marked safe-for-scripting. For more information, see
Intruders can execute arbitrary commands on a target system with the privileges of the victim.
Apply a patch as described in the bulletin.
Our thanks to Microsoft for the information contained in their advisory , upon which this document is based. Adrian O'Neill discovered the problem.
This document was written by Shawn V Hernan.
|Date First Published:||2002-05-23|
|Date Last Updated:||2002-05-23 18:21 UTC|