CRITICAL (remote code execution)
A cross site scripting attack against the Microsoft Managment Console (MMC) could be used to inject hostile code on a system used to access the MCC. Only Windows 2000 SP4 appears to be vulnerable, and the exploit is not trivial.
Clients: HIGH for Windows 2000 SP4. Patch now.
Servers: LOW. Carefully test patch first.
I will be teaching next: Defending Web Applications Security Essentials - SANS San Francisco Spring 2020
Aug 8th 2006
1 decade ago