[Defectos] Microsoft AntiSpyware cscript/wscript Filter Bypass

03/04/2005 - 21:09 por E | Informe spam
Microsoft AntiSpyware cscript/wscript Filter Bypass
http://www.osvdb.org/14663

OSVDB ID: 14663
Disclosure Date: Mar 3, 2005

Description:

Microsoft Windows AntiSpyware contains a flaw that may allow a remote
attacker to bypass filter settings. The issue is triggered when
calling scripts with either 'cscript' or 'wscript' directly, which
would then not be blocked by the application. It is possible that the
flaw may allow a remote attacker to execute arbitrary code resulting
in a loss of integrity.

Vulnerability Classification:
* Remote/Network Access Required
* Input Manipulation
* Loss Of Integrity
* Exploit Unknown
* Verified


Products:
* Microsoft Corporation Microsoft AntiSpyware beta1


Solution:
Currently, there are no known upgrades, patches, or workarounds
available to correct this issue.

External References:

* Vendor URL: http://www.microsoft.com/
* Security Mail List Post:
http://archives.neohapsis.com/archi.../0080.html
* Security Mail List Post:
http://archives.neohapsis.com/archi.../0062.html


Credit:

*

Vulnerability Status:

This entry was last updated on Apr 2, 2005. If you have additional
information or corrections for this vulnerability please submit them
to .

Preguntas similare

Leer las respuestas

#1 Constantine
04/04/2005 - 02:09 | Informe spam
Grandisima bestia, es un software que está en fase beta,
por desinformar a la gente y haber nacido te irás al
infierno a donde perteneces enjendro.

Constantine.


Microsoft AntiSpyware cscript/wscript Filter Bypass
http://www.osvdb.org/14663

OSVDB ID: 14663
Disclosure Date: Mar 3, 2005

Description:

Microsoft Windows AntiSpyware contains a flaw that may


allow a remote
attacker to bypass filter settings. The issue is


triggered when
calling scripts with either 'cscript' or 'wscript'


directly, which
would then not be blocked by the application. It is


possible that the
flaw may allow a remote attacker to execute arbitrary


code resulting
in a loss of integrity.

Vulnerability Classification:
* Remote/Network Access Required
* Input Manipulation
* Loss Of Integrity
* Exploit Unknown
* Verified


Products:
* Microsoft Corporation Microsoft AntiSpyware beta1


Solution:
Currently, there are no known upgrades, patches, or


workarounds
available to correct this issue.

External References:

* Vendor URL: http://www.microsoft.com/
* Security Mail List Post:
http://archives.neohapsis.com/archi...traq/2005-


03/0080.html
* Security Mail List Post:
http://archives.neohapsis.com/archi...traq/2005-


03/0062.html


Credit:

*

Vulnerability Status:

This entry was last updated on Apr 2, 2005. If you have


additional
information or corrections for this vulnerability please


submit them
to .
.

email Siga el debate Respuesta Responder a este mensaje
Ads by Google
Help Hacer una preguntaRespuesta Tengo una respuesta
Search Busqueda sugerida