VID 28048
Severity 30
Port 139,445
Protocol TCP
Class SMB
Detailed Description The hotfix (Q326568) for the "Visual FoxPro 6.0 Automatic Application Execution Vulnerability" has not been applied.
Microsoft Visual FoxPro is an object-oriented database management system that enables the development of database solutions for desktop or the web. Visual FoxPro 6.0 and the runtime component are vulnerable to a condition that may allow for remote attackers to execute database and system commands on client hosts.
This occurs due to two issues with FoxPro. The first issue is that FoxPro does not register application file extensions (.app) with Internet Explorer. As a result, there is no warning prompt before Explorer downloads FoxPro application files. The second issue is that specially constructed application filenames can cause FoxPro to execute the application immediately, without user interaction. Attackers may exploit this vulnerability by luring victims to malicious webpages designed to automatically invoke FoxPro applications.
It is important to note that victims need not have installed the FoxPro product to be vulnerable. The runtime engine may be installed automatically by other applications without user knowledge. To identify whether FoxPro is installed, users or administrators should search for the following files:
vfp6r.dll, vfp6t.dll, or vfp6run.exe

* Note: This check requires an account with Guest or higher privileges that can access the registry of the remote host being scanned. If these conditions are not met, the check is not performed and the result is a false negative for every vulnerable host.

* References:
http://www.microsoft.com/technet/security/bulletin/MS02-049.asp

* Platforms Affected:
Microsoft Visual FoxPro 6.0
Windows Any version
Recommendation Apply the patch for this vulnerability, as listed in Microsoft's security bulletin MS02-049, http://www.microsoft.com/technet/security/bulletin/MS02-049.asp

1. Open the page : http://www.microsoft.com/downloads/Release.asp?ReleaseID=42297
2. Select your language from the drop-down list at the top of the page and then click the <Go> button.
3. Click the <Download> button to download the patch file.
4. Run this file to install the patch.

-- OR --

As a workaround for this vulnerability,
1. Open the <Control Panel> and select the <Tools> option in the toolbar.
2. Select "Folder Options" and then select the "File Types" tab.
3. In the box titled "Registered File Types", choose the "APP" option.
4. If this is not in the list, Visual FoxPro has not been installed.
5. Click "Advanced", enable the check box "Confirm open after downloading", and click "OK".
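The following PowerShell script is an added audit example; it is not part of the original advisory or of any Microsoft tooling. It automates the two checks described above: it searches for the runtime files named in the description (vfp6r.dll, vfp6t.dll, vfp6run.exe) and reports whether the APP file type is registered and whether its "Confirm open after downloading" setting is enabled. The search roots are an assumption and may need extending for your environment; the interpretation of the EditFlags value (bit 0x10000, FTA_OpenIsSafe, set means the confirmation prompt is cleared) follows Microsoft's documentation for file type registration. The script is read-only.

```powershell
# Added audit example (not from the advisory): is the Visual FoxPro 6.0
# runtime present, and is the .app file type set to confirm before opening?
# Run in an elevated session for a complete view of Program Files.

$runtimeFiles = 'vfp6r.dll', 'vfp6t.dll', 'vfp6run.exe'

# Search roots are an assumption; add any directory your software uses.
$searchRoots = @(
    "$env:SystemRoot\System32",
    "$env:SystemRoot\SysWOW64",
    "$env:ProgramFiles",
    ${env:ProgramFiles(x86)},
    "$env:CommonProgramFiles"
) | Where-Object { $_ -and (Test-Path -Path $_) }

$found = foreach ($root in $searchRoots) {
    Get-ChildItem -Path $root -Recurse -File -Include $runtimeFiles -ErrorAction SilentlyContinue
}

if ($found) {
    Write-Host "Visual FoxPro 6.0 runtime components found (host may be affected):"
    $found | Select-Object FullName, LastWriteTime | Format-Table -AutoSize
} else {
    Write-Host "No Visual FoxPro 6.0 runtime files found under the searched roots."
}

# The "APP" entry in Folder Options corresponds to HKEY_CLASSES_ROOT\.app,
# whose default value names the ProgID that carries the EditFlags value.
$ext = Get-Item -Path 'Registry::HKEY_CLASSES_ROOT\.app' -ErrorAction SilentlyContinue
if (-not $ext) {
    Write-Host "The .app extension is not registered; Visual FoxPro does not appear to be installed."
    return
}

$progId = $ext.GetValue('')
Write-Host "The .app extension is registered to ProgID '$progId'."
if (-not $progId) { return }

$typeKey   = Get-Item -Path "Registry::HKEY_CLASSES_ROOT\$progId" -ErrorAction SilentlyContinue
$editFlags = if ($typeKey) { $typeKey.GetValue('EditFlags') } else { $null }

if ($null -eq $editFlags) {
    Write-Host "No EditFlags value present; verify 'Confirm open after downloading' manually."
    return
}

# EditFlags may be stored as REG_DWORD or REG_BINARY; normalise to an integer.
$flags = if ($editFlags -is [byte[]]) {
    if ($editFlags.Length -ge 4) { [BitConverter]::ToInt32($editFlags, 0) } else { 0 }
} else {
    [int]$editFlags
}

# Bit 0x10000 (FTA_OpenIsSafe) set means the confirmation check box is cleared,
# i.e. the workaround from the advisory has NOT been applied.
if (($flags -band 0x10000) -ne 0) {
    Write-Host "WARNING: .app files open after download without a prompt (workaround not applied)."
} else {
    Write-Host "OK: .app files prompt for confirmation after download."
}
```

Because the check reads only the registry and the file system, it can be run from a logon script or an endpoint management tool to inventory hosts that carry the runtime silently installed by other applications, which is the population the advisory warns about.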

-- OR --

Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com . Windows Update detects what version of Windows you are running and offers the appropriate patch.
Related URL CVE-2002-0696 (CVE)
Related URL 5633 (SecurityFocus)
Related URL 10035 (ISS)