Reported September 4, 2002, by Microsoft.
· Microsoft Visual FoxPro 6.0
A vulnerability exists in Visual FoxPro 6.0 that can result in an attacker gaining control over the vulnerable system. This vulnerability stems from a problem of Visual FoxPro's installation where the application doesn't register itself with Microsoft Internet Explorer (IE). As a result, an attacker can use a Web page or HTML email to launch an application on the vulnerable system.
The vendor, Microsoft, has released Security Bulletin MS02-049 (Flaw Could Enable Web Page to Launch Visual FoxPro 6.0 Application Without Warning) to address this vulnerability, and recommends that affected users apply the patch mentioned in the bulletin.
Discovered by Cristobal Bielza and Juan Carlos G. Cuartango from Instituto Seguridad Internet.