Vulnerability In Authenticode Verification Could Allow Remote Code Execution (823182) Network Vulnerability

Summary

There is a vulnerability in Authenticode that, under certain low memory conditions, could allow an ActiveX control to download and install without presenting the user with an approval dialog. To exploit this vulnerability, an attacker could host a malicious Web Site designed to exploit this vulnerability. If an attacker then persuaded a user to visit that site an ActiveX control could be installed and executed on the user's system. Alternatively, an attacker could create a specially formed HTML e-mail and send it to the user. Exploiting the vulnerability would grant the attacker with the same privileges as the user.

Solution

see http://www.microsoft.com/technet/security/bulletin/ms03-041.mspx

Severity

Classification

CVE CVE-2003-0660

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Microsoft .NET Framework Privilege Elevation Vulnerability (2800277)
Microsoft Ancillary Function Driver Elevation of Privilege Vulnerability (956803)
Microsoft .NET Framework Remote Code Execution Vulnerability (2706726)
Cumulative Security Update for Internet Explorer (950759)
Buffer Overrun in Messenger Service (828035)

Vulnerability in Authenticode Verification Could Allow Remote Code Execution (823182)

Take action and discover your vulnerabilities