FoxPro ActiveX (FPOLE.OCX) Security Bug Fix
In case you haven’t heard, Microsoft released several security updates yesterday — 11, to be exact. One of these patches updates a known issue with VFP regarding FPOLE.OCX. This is what was written in the Washington Post:
MS08-010 fixes a publicly disclosed ActiveX bug that affects Visual FoxPro users. Although hackers have already posted code showing how to exploit this vulnerability, the buggy ActiveX control is not included in Internet Explorer 7’s default list of controls, so the flaw should not affect most users.
You can read more information about this patch (and details about the vulnerability) here: ISS:
The Microsoft Visual FoxPro ActiveX control is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the FoxDoCmd function. By persuading a victim to visit a malicious Web page using Internet Explorer, a remote attacker could overflow a buffer and execute arbitrary code on the system with the privileges of the victim.
More info: http://www.microsoft.com/technet/security/bulletin/ms08-010.mspx
Of course, MS recommends to get patched right away…
I'm a Quant Technical Specialist (Data Warehousing and Business Intelligence), with expertise in business analysis, data modeling, and data integration. I have extensive experience developing vertical and integrated desktop, Internet, and BI applications spanning municipal, clinical, and financial industries.
