The Web Extender Client (WEC) is a component that ships as part of Office 2000, Windows 2000, and Windows Me. WEC allows IE to view and publish files via web folders, similar to viewing and adding files in a directory through Windows Explorer. Due to an implementation flaw, WEC does not respect the IE security settings regarding when NTLM authentication will be performed – instead, WEC will perform NTLM authentication with any server that requests it. If a user established a session with a malicious user’s web site – either by browsing to the site or by opening an HTML mail that initiated a session with it – an application on the site could capture the user’s NTLM credentials. The malicious user could then use an offline brute force attack to derive the password or, with specialized tools, could submit a variant of these credentials in an attempt to access protected resources. The vulnerability would only provide the malicious user with the cryptographically protected NTLM authentication credentials of another user. It would not, by itself, allow a malicious user to gain control of another user’s computer or to gain access to resources that the user was authorized to access. In order to leverage the NTLM credentials (or a subsequently cracked password), the malicious user would have to be able to remotely log on to the target system. However, best practices dictate that remote logon services be blocked at border devices, and if these practices were followed, they would prevent an attacker from using the credentials to log on to the target system. This download is for Windows Me (without Office 2000 installed).
VirtuaRAID is an advanced RAID array application for software RAID solutions.
With VirtuaRAID you can consolidate up to 5 files in one virtual disk,...
There is a denial of service vulnerability in WebTV for Windows that may allow a malicious user to remotely crash either the WebTV for Windows applica...
Windows Media Player supports the use of Active Stream Redirector (.ASX) files to enable users to play streaming media that resides on intranet or Int...
The 'ASX Buffer Overrun' vulnerability: Windows Media Player supports the use of Active Stream Redirector (.ASX) files to enable users to play streami...
If a connection to a server running the Windows Media Unicast Service was started, then severed, in a particular way, the service would “leak” some of...
There is a denial of service vulnerability that affects Windows NT 4.0, Windows 95, 98, 98 Second Edition and Windows Me. (Windows 2000 is not affected...
A patch that eliminates a security vulnerability in Microsoft® Windows NT 4.0. Under certain conditions, the vulnerability could be used to cause a Win...
The Word 2000 Mail Merge Security Update protects you from a vulnerability in the mail merge function in Word with Access databases as a data source. ...
The Word 97 Mail Merge Security Update protects you from a vulnerability in the mail merge function in Word with Access databases as a data source. Be...
Utility to patch MSIE 3.x to prevent it from sending its User-Agent tag during HTTP requests. Basically turns MSIE 3.x into a 'stealth browser' (from th...