Internet Explorer 5 Task Scheduler Allows Privilege Elevation on Windows NT (246972)
The information in this article applies to:
- Microsoft Internet Explorer 5.0 for Windows NT 4.0
This article was previously published under Q246972 SYMPTOMS
When you use the schedule feature for updating Web pages that is included with Internet Explorer version 5 to schedule jobs to run at a designated time, it may be possible for a malicious user to obtain elevated privileges on your computer and run a program on the local computer in the System context.
NOTE: Windows NT 4.0 includes a native task scheduler, known as the Schedule or AT service, that does not have this vulnerability. Only computers that are running Windows NT 4.0 with Internet Explorer version 5 installed may be affected by this vulnerability.
CAUSE
The Internet Explorer version 5 scheduling feature enforces control at two points: it restricts who can use the AT utility to create AT jobs, and it only runs AT jobs that are owned by a member of the local Administrators group. However, if a malicious user has Change access to a file owned by an administrator, he or she could modify it to be a valid AT job and place it in the appropriate folder. This would bypass the control mechanism and allow the job to be run. Internet Explorer version 5.01 eliminates this vulnerability by digitally signing all AT jobs at creation time and verifying the signature at run time.
RESOLUTION
To resolve this issue, upgrade the computer running Internet Explorer version 5 to Internet Explorer version 5.01. You can obtain Internet Explorer 5.01 from the following Microsoft Web site:
STATUSMicrosoft has confirmed that this is a problem in Windows NT 4.0.
| Modification Type: | Major | Last Reviewed: | 10/1/2002 |
|---|
| Keywords: | kbprb KB246972 |
|---|
|