{"vuid":"VU#539001","idnumber":"539001","name":"Microsoft Visual FoxPro fails to properly evaluate filenames before launching application","keywords":["Microsoft","Visual FoxPro","filename","lauch application",".app file","Q326568","MS02-049"],"overview":"There is a vulnerability in Microsoft Visual FoxPro 6.0 that allows remote attackers to execute Visual FoxPro applications with the privileges of the victim user.","clean_desc":"Microsoft Visual FoxPro 6.0 contains an unspecified vulnerability that allows remote attackers to execute arbitrary Visual FoxPro applications on a victim's computer. The attacker's code would run with the privileges of the victim user. Successful exploitation of this vulnerability requires the presence of either Visual FoxPro 6.0 or its runtime components.","impact":"This vulnerability allows remote attackers to run malicious Visual FoxPro applications on affected systems.","resolution":"Apply a patch Microsoft has published Microsoft Security Bulletin MS02-049 to address this issue. For more information, please see http://www.microsoft.com/technet/security/bulletin/MS02-049.asp","workarounds":"","sysaffected":"","thanks":"This document is based upon information provided by Microsoft.","author":"This document was written by Jeffrey P. Lanza.","public":["h","t","t","p",":","/","/","w","w","w",".","m","i","c","r","o","s","o","f","t",".","c","o","m","/","t","e","c","h","n","e","t","/","s","e","c","u","r","i","t","y","/","b","u","l","l","e","t","i","n","/","M","S","0","2","-","0","4","9",".","a","s","p"],"cveids":["CVE-2002-0696"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2002-09-04T22:08:24Z","publicdate":"2002-09-04T00:00:00Z","datefirstpublished":"2002-09-12T19:39:34Z","dateupdated":"2002-09-17T17:20:43Z","revision":4,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"10","cam_internetinfrastructure":"3","cam_population":"10","cam_impact":"15","cam_easeofexploitation":"10","cam_attackeraccessrequired":"15","cam_scorecurrent":"11.8125","cam_scorecurrentwidelyknown":"13.921875","cam_scorecurrentwidelyknownexploited":"18.140625","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":11.8125,"vulnote":null}