Remote Code Execution in JView Profiler

Reported June 29, 2005 by SEC Consult

VERSIONS AFFECTED

           
Windows 98
Windows 2000
Windows XP
Windows Server 2003

DESCRIPTION

The JView Profiler contains a flaw that might allow a remote intruder to take complete control of an affected system.

VENDOR RESPONSE

Microsoft released a security bulletin, "Vulnerability in JView Profiler Could Allow Remote Code Execution (903235)," and associated patch to correct the problem. The patch sets a "kill bit" to prevent the object from being loaded via Internet Explorer.



Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish