|
|
Family: Windows : Microsoft Bulletins --> Category: infos
ADODB.Stream object from Internet Explorer (870669) Vulnerability Scan
Vulnerability Scan Summary
Makes sure that a given registry key is missing
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote host contains a version of IE which may read and write to
local files.
Description :
The remote host contains a vulnerability in IE. The ADODB.Stream
object can be used by a malicious web page to read and write to local
files.
A possible hacker may use this flaw to gain access to the data on the remote
host. To exploit this flaw, a possible hacker would need to set up a rogue
web site and lure a user on the remote host into visiting it. If the
web site contains the proper call to the ADODB object, then it may
execute data on the remote host.
Solution :
Microsoft produced a workaround for this problem :
http://support.microsoft.com/?kbid=870669
Threat Level:
Medium / CVSS Base Score : 4
(AV:R/AC:H/Au:NR/C:P/A:N/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
