• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft File Transfer Manager ActiveX Control Buffer Overflow Vulnerability

The Microsoft File Transfer Manager (FTM) ActiveX control is used to allow beta test customers and others to download files from certain Microsoft sites.

The ActiveX control is reported to contain a buffer overflow that could potentially allow for execution of arbitrary code. Since this ActiveX control is signed by Microsoft, it can be installed without any warnings on a system where the user has chosen to always trust content from Microsoft.