http://www.microsoft.com/technet/security/bulletin/fq00-034.asp
Office 2000 ships with an ActiveX control that is incorrectly marked as
"safe for scripting". Because of the incorrect marking, a malicious web
site operator could use the control to take inappropriate actions on the
machine of a visiting user. The control ships only with Office
2000, so customers using previous versions do not need to take any
action.
The vulnerability exists because an ActiveX control, the Office 2000 UA
Control, is incorrectly marked as "safe for scripting". It exposes
fairly powerful functionality that is inappropriate for use by web
sites.
ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERV@SecurityFocus.com with a message body of
"SIGNOFF ISN".
Received on Sat May 13 03:04 CDT 2000