Microsoft Security Bulletin MS00-042 announces the availability of a patch that eliminates a vulnerability in an ActiveX control that ships with Microsoft Internet Explorer.
What's the scope of the vulnerability?
This is a denial of service vulnerability. It could allow a malicious web site operator to overwrite a file on the computer of a visiting user. If certain system files on the computer were overwritten, it could render the visitor´s computer unusable.
The vulnerability could only be used to overwrite a file as a means of preventing it from operating - it could not be used to replace an executable file with new code of the malicious web site operator´s choice. If the malicious user's web site were running in a Security Zone in which ActiveX controls are not allowed to run, the vulnerability could not be exploited.
Read more
What's the scope of the vulnerability?
This is a denial of service vulnerability. It could allow a malicious web site operator to overwrite a file on the computer of a visiting user. If certain system files on the computer were overwritten, it could render the visitor´s computer unusable.
The vulnerability could only be used to overwrite a file as a means of preventing it from operating - it could not be used to replace an executable file with new code of the malicious web site operator´s choice. If the malicious user's web site were running in a Security Zone in which ActiveX controls are not allowed to run, the vulnerability could not be exploited.
Read more