Main Menu
Network
Sponsor
Top 10 Sites
Partners
|
|
Top Submit newsSubscribe 
Communication | Computer Crime | Digital Audio, Video, Photo | General News | Hardware | Internet | Mobile | PDA | Security | Software | Vulnerability |
Previous articleBack to news listNext article
| Sponsored links | Want to become one of our authors and see your work published on ALLSeek.iNFO ?
| | NeoSoft NeoBook Content Authoring System Allows Remote Users to Execute Code When Malicious Content is Viewed |
|---|
Categorie: Vulnerability
Posted: 2002-11-20 by ReCall
Views: 323
Source: Click here
| Current Rating: Not rated
|
| | Details |
|---|
escription: A vulnerability was reported in NeoSoft's NeoBook authoring software. A remote user can execute malicious code on a target user's computer.
It is reported that a remote user can create malicious code in a NeoBook project package so that, when the project is viewed by a target user, malicious code will execute on the target user's computer.
According to the report, the 'NBActiveX.ocx' ActiveX control (used with NeoBook to execute programs on Windows-based systems) can silently execute malicious code. A remote user can create NeoBook content in 'Distribution Mode' containing malicious code. NeoBook will include the vulnerable ActiveX control as part of the project file. So, when a target user downloads the NeoBook content, the ActiveX component will be installed and the malicious code will execute on the target user's computer.
Impact: A remote user can create malicious content that, when loaded, will execute arbitrary commands on
a target user's computer.
Solution: No solution was available at the time of this entry. The author of the report indicates that you can
disable ActiveX scripting on Internet Explorer to avoid this flaw.
| | Syndication |
|---|
Permalink Email this
The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=332
| | User comments (post your comments ) |
|---|
Only registerd members can post comments and articles
|
| Previous articleBack to news listNext article
|
|
|
|
InterJOB.su
|
