[Defectos] Microsoft AntiSpyware cscript/wscript Filter Bypass

Microsoft AntiSpyware cscript/wscript Filter Bypass
http://www.osvdb.org/14663

OSVDB ID: 14663
Disclosure Date: Mar 3, 2005

Description:

Microsoft Windows AntiSpyware contains a flaw that may allow a remote
attacker to bypass filter settings. The issue is triggered when
calling scripts with either 'cscript' or 'wscript' directly, which
would then not be blocked by the application. It is possible that the
flaw may allow a remote attacker to execute arbitrary code resulting
in a loss of integrity.

Vulnerability Classification:
* Remote/Network Access Required
* Input Manipulation
* Loss Of Integrity
* Exploit Unknown
* Verified


Products:
* Microsoft Corporation Microsoft AntiSpyware beta1


Solution:
Currently, there are no known upgrades, patches, or workarounds
available to correct this issue.

External References:

* Vendor URL: http://www.microsoft.com/
* Security Mail List Post:
http://archives.neohapsis.com/archi.../0080.html
* Security Mail List Post:
http://archives.neohapsis.com/archi.../0062.html


Credit:

*

Vulnerability Status:

This entry was last updated on Apr 2, 2005. If you have additional
information or corrections for this vulnerability please submit them
to .