Microsoft Security Bulletin MS08-070 - Critical

12/12/2008 - 12:44 von Bernhard Herlemann | Report spam
Hallo NG,

Sollte man wegen "Aggregate Severity Rating --> Critical" auf jeden Fall
beachten.
Grüße

Bernhard


This security update resolves five privately reported vulnerabilities and
one publicly disclosed vulnerability in the ActiveX controls for the
Microsoft Visual Basic 6.0 Runtime Extended Files. These vulnerabilities
could allow remote code execution if a user browsed a Web site that contains
specially crafted content. Users whose accounts are configured to have fewer
user rights on the system could be less impacted than users who operate with
administrative user rights.
This security update is rated Critical for supported components of the
Microsoft Visual Basic 6.0 Runtime Extended Files; all supported editions of
..., Microsoft Visual FoxPro 8.0, Microsoft Visual FoxPro 9.0, ...

http://www.microsoft.com/technet/se...8-070.mspx


Visual FoxPro 9.0 SP1 ActiveX Controls Security Update
A security issue has been identified that could allow an attacker to
compromise your Windows-based system running Visual FoxPro 9.0 Service Pack
1.
http://www.microsoft.com/downloads/...laylang=en



Visual FoxPro 9.0 SP2 ActiveX Controls Security Update
A security issue has been identified that could allow an attacker to
compromise your Windows-based system running Visual FoxPro 9.0 Service Pack
2.
http://www.microsoft.com/downloads/...x?familyid[1F28A9-DA8D-463A-8AE4-DFC8FCC6C41A&displaylang=en
 

Lesen sie die antworten

#1 Jürgen Wondzinski
12/12/2008 - 16:16 | Warnen spam
Nur zur Klarstellung:

Das Security-Problem ist nicht in FoxPro, sondern in diversen ActiveX
Controls, die wiederum von den verschiedenen DeveloperTools verwendet werden
könnten. Und da FoxPro zu den DeveloperTools zàhlt, ist es eben auch in der
Liste der betroffenen Produkte.

Nur: wer von uns nimmt zB das MaskedEdit-Control her? Wir haben schon immer
ne InputMask in unserer Textbox gehabt.. Und das FlexGrid? Pah.. Kein
Vergleich zu unserm Grid.

WinSock is da schon eher ein Kandidat.

Also das Update brav saugen, und auf allen greifbaren Rechnern verteilen.
Kann ja ned schaden, mal ne aktualisierte Version von den ActiveX Dingern zu
haben.




Jürgen Wondzinski

Microsoft Visual FoxPro Technologieberater
Microsoft Most Valuable Professional seit 1996
"*´¨)
¸.•´¸.•*´¨) ¸.•*¨)
(¸.•´. (¸.•` *
.•`.Visual FoxPro: It's magic !
(¸.•``••*

Ähnliche fragen