Flaw in Windows Script May Allow Code to Run

By Thomas McGuire on March 19, 2003, 5:10 PM
An attacker may exploit a vulnerability in Windows Script Engine by constructing a Web page that, when visited by a user, runs code of the attacker’s choice with user credentials. The attacker can host the Web page on a Web site or send the page directly to the user by e-mail.

Affected Software;
Windows XP
Windows 2000
Windows NT 4.0, Windows NT 4.0 Terminal Server Edition
Windows Millennium Edition
Windows 98 Second Edition & Windows 98

Download Patch now from Microsoft.




User Comments: 6

Got something to say? Post a comment
poertner_1274 said:
Why does this not surprise me?
timmoore said:
I can understand the flaws in previous versions of Windows, but I never would have expected something like this to be overlooked in XP. How can Microsoft miss something like this? Thomas, do you have any ideas as to what we could do to prevent this happening to our computers? Hopefully Microsoft will release a patch for this soon, so I am not too worried, but it's better to be safe than sorry :grinthumb .
poertner_1274 said:
[quote][i]Originally posted by TS | Thomas [/i][b][url=http://support.microsoft.com/?kbid=814078]Downlo
d Patch[/url] now from Microsoft. [/b][/quote] Check that link :D
warr said:
why?because you put too much trust in crappy win XP. just name change from 2000 to XP, and that shakes your ass more than ever. :haha:
timmoore said:
My apologies, I did not see that patch link there ;) . warr, yes, I do put a lot of trust into XP as it has never failed me before. Maybe the odd problems here and there, but nothing a patch can't fix. Longhorn should be an improvement.
warr said:
always wait for Service Pack 1. :haha:
Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.