OLE DB Provider for Internet Publishing Update: Levy Requests as User Security Vulnerability
The Microsoft Data Access Component Internet Publishing Provider provides access to WebDAV resources over the Internet. By design, it should differentiate between requests made by a user and those made by script running in the userís browser. However, because of an implementation flaw, it handles all requests in the security context of the user. As a result, if a user browsed to a web page or opened an HTML e-mail that contained script, that script could access web-based resources as the user.
Because it supports WebDAV, and WebDAV is the underlying technology behind many web-based collaboration features offered by Microsoft products, the Provider is installed by a variety of different Microsoft products. Itís provided as part of Windows Me and Windows 2000, and also can be installed by recent versions of Office as well as other Microsoft products.
Operating System - Windows 95 & 98, NT 4.0 & 2000, Windows Me
IMPORTANT DOWNLOAD INSTRUCTIONS
- Select "Run this Program from its Current Location" to start the download immediately.
- Select "Save this Program to Disk" to copy the download to your machine for installation at a later time.