PT-2009-1310 · Microsoft · Windows Script Host+3

Published

2009-01-02

Updated

2018-10-30

CVE-2008-5823

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Microsoft Money 2006

Description The issue is related to an ActiveX control in prtstb06.dll, which can cause a denial of service when used with WScript in Windows Script Host on Windows Vista. This occurs when a zero value is set for the Startup property, leading to an access violation and application crash.

Recommendations For Microsoft Money 2006, avoid using the ActiveX control in prtstb06.dll with WScript in Windows Script Host on Windows Vista, especially when setting the Startup property to zero, until a fix is available. As a temporary workaround, consider restricting the use of the ActiveX control in this specific configuration to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-189

Related Identifiers

CVE-2008-5823

Affected Products

Money

Wscript

Windows Script Host

Windows Vista

PT-2009-1310 · Microsoft · Windows Script Host+3

CVE-2008-5823

Weakness Enumeration

Related Identifiers

Affected Products

References · 3