Microsoft Internet Explorer 5.01 and Excel/Powerpoint 2000 ActiveX Object Execution Vulnerability

Hazardous ActiveX objects may be executed in Internet Explorer 5.01 through the use of Excel and Powerpoint 2000 and certain OBJECT tags on web pages and HTML messages utilizing IFRAME. An example would be the SaveAs object. It has the capability of saving an Excel or Powerpoint file on any location on a remote system unknowingly to a user, including the start up folder which would force the file to open the next time the user started up windows. If the file was an *.hta file, execution of any application on the system is feasible. Other objects aside from SaveAs may also be exploited with similar methods.


Privacy Statement
Copyright 2010, SecurityFocus