{"vuid":"VU#28370","idnumber":"28370","name":"Taskpads ActiveX Control incorrectly marked safe-for-scripting","keywords":["ActiveX Control","Taskpads","safe-for-scripting","safe for scripting"],"overview":"The taskpads ActiveX  control included with some resource kit products circa February 1999 was incorrectly marked safe-for-scripting.","clean_desc":"The taskpads ActiveX control included with the Microsoft Windows 98 resource kit, the Microsoft Windows 98 resource kit sampler, and the Back Office resource kit was incorrectly marked safe-for-scripting. For more information, see http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS99-007.asp The Class ID for this control is D306C3B7-2AD5-11D1-9E9A-00805F200005. This software is not installed by default on any system.","impact":"Intruders can execute arbitrary commands on a target system with the privileges of the victim.","resolution":"Apply a patch as described in the bulletin.","workarounds":"","sysaffected":"","thanks":"Our thanks to Microsoft for the information contained in their \nadvisory\n, upon which this document is based. Adrian O'Neill discovered  the problem.","author":"This document was written by Shawn V Hernan.","public":["http://www.microsoft.com/technet/security/bulletin/MS99-007.asp","http://support.microsoft.com/default.aspx?scid=kb;EN-US;q218619"],"cveids":["CVE-1999-0379"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2000-08-21T14:55:10Z","publicdate":"1999-02-22T00:00:00Z","datefirstpublished":"2002-05-23T18:21:16Z","dateupdated":"2002-05-23T18:21:19Z","revision":5,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"20","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"10","cam_impact":"15","cam_easeofexploitation":"10","cam_attackeraccessrequired":"15","cam_scorecurrent":"8.4375","cam_scorecurrentwidelyknown":"8.4375","cam_scorecurrentwidelyknownexploited":"16.875","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":8.4375,"vulnote":null}