PT-1999-1736 · Microsoft · Msn Setup Bbs
Published
1999-09-24
·
Updated
2017-12-19
·
CVE-1999-1484
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
MSN Setup BBS version 4.71.0.10
Description:
A buffer overflow issue exists in the MSN Setup BBS ActiveX control, which allows a remote attacker to execute arbitrary commands. This can be achieved through the methods
vAddNewsServer or bIsNewsServerConfigured.Recommendations:
For MSN Setup BBS version 4.71.0.10, consider disabling the
vAddNewsServer and bIsNewsServerConfigured methods until a patch is available. Restrict access to the setupbbs.ocx ActiveX control to minimize the risk of exploitation.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Msn Setup Bbs