Microsoft Visual FoxPro 6.0 Automatic Application Execution Vulnerability

Microsoft Visual FoxPro 6.0 and its runtime component are vulnerable to a condition that may allow remote attackers to execute database and system commands on client hosts.

This occurs due to two issues with FoxPro. The first issue is that FoxPro does not register application file extensions (.app) with Internet Explorer. As a result, there is no warning prompt before Internet Explorer downloads FoxPro application files. The second issue is that specially constructed application filenames can cause FoxPro to execute the application immediately, without user interaction.

Attackers may exploit this vulnerability by luring victims to malicious webpages designed to automatically invoke FoxPro applications.

It is important to note that victims need not have installed the FoxPro product to be vulnerable. The runtime engine may be installed automatically by other applications without user knowledge. To identify whether FoxPro is installed, users or administrators should search for the following files:

vfp6r.dll, vfp6t.dll, or vfp6run.exe

If any of these files are present, the patch available from Microsoft should be installed.
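
The file search described above, as an added example that is not part of the original advisory: a PowerShell inventory that looks for the three runtime files on local fixed disks and reports where they are and which version they carry. The function name `Find-Vfp6Runtime`, the output columns, and the use of PowerShell 3.0 or later are assumptions of this example.

```powershell
# Added example: inventory of the Visual FoxPro 6.0 runtime files named in the advisory.
# Find-Vfp6Runtime and the output columns are illustrative names, not from the advisory.
$RuntimeFiles = 'vfp6r.dll', 'vfp6t.dll', 'vfp6run.exe'

function Find-Vfp6Runtime {
    param(
        # Roots to search; defaults to every local fixed disk (DriveType 3).
        [string[]]$Root = (Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=3' |
                           ForEach-Object { $_.DeviceID + '\' })
    )
    foreach ($r in $Root) {
        # -Force includes hidden and system directories, where a runtime installed
        # silently by another application may live; unreadable paths are skipped.
        Get-ChildItem -Path $r -Recurse -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $RuntimeFiles -contains $_.Name } |   # -contains ignores case
            ForEach-Object {
                [pscustomobject]@{
                    Path        = $_.FullName
                    FileVersion = $_.VersionInfo.FileVersion
                    LastWrite   = $_.LastWriteTime
                }
            }
    }
}

$hits = @(Find-Vfp6Runtime)
if ($hits.Count -gt 0) {
    $hits | Format-Table -AutoSize
    Write-Output 'FoxPro 6.0 runtime present: install the patch available from Microsoft.'
} else {
    Write-Output 'No FoxPro 6.0 runtime files found on the searched roots.'
}
```

Recording the file version and last-write time before and after patching gives a simple way to confirm which copies on a host were actually updated.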


Copyright 2010, SecurityFocus