Registrations are now open. Join us today!
There is still a lot of work to do on the wiki yet! More information about editing can be found here.
Already have an account?

Microsoft KB Archive/246972

From BetaArchive Wiki
Knowledge Base


Article ID: 246972

Article Last Modified on 9/27/2007



APPLIES TO

  • Microsoft Internet Explorer 5.0



This article was previously published under Q246972

SYMPTOMS

When you use the schedule feature for updating Web pages that is included with Internet Explorer version 5 to schedule jobs to run at a designated time, it may be possible for a malicious user to obtain elevated privileges on your computer and run a program on the local computer in the System context.

NOTE: Windows NT 4.0 includes a native task scheduler, known as the Schedule or AT service, that does not have this vulnerability. Only computers that are running Windows NT 4.0 with Internet Explorer version 5 installed may be affected by this vulnerability.

CAUSE

The Internet Explorer version 5 scheduling feature enforces control at two points: it restricts who can use the AT utility to create AT jobs, and it only runs AT jobs that are owned by a member of the local Administrators group. However, if a malicious user has Change access to a file owned by an administrator, he or she could modify it to be a valid AT job and place it in the appropriate folder. This would bypass the control mechanism and allow the job to be run. Internet Explorer version 5.01 eliminates this vulnerability by digitally signing all AT jobs at creation time and verifying the signature at run time.

RESOLUTION

To resolve this issue, upgrade the computer running Internet Explorer version 5 to Internet Explorer version 5.01. You can obtain Internet Explorer 5.01 from the following Microsoft Web site:

STATUS

Microsoft has confirmed that this is a problem in Windows NT 4.0.

MORE INFORMATION

For related information about this problem, please visit the following Microsoft Web site:

For additional security-related information about Microsoft products, please visit the following Microsoft Web site:

Keywords: kbprb KB246972