Microsoft releases another pack of security bulletins
In another combo pack, Microsoft released three security bulletins. The bulletins which are labeled from moderate to critical, deal with Microsoft Word and Excel, Microsoft Windows XP, Microsoft SQL Server 7.0 and 2000.
Bulletin: MS02-059
Title: Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure
Risk: Moderate
Advisory:
Description:Word and Excel provide a mechanism through which data from one document can be inserted to and updated in another document. A vulnerability exists because it is possible to maliciously use field codes and external updates to steal information from a user without the user being aware.
Bulletin: MS02-060
Title: Flaw in Windows XP Help and Support Center Could Enable File Deletion
Risk: Moderate
Advisory:
Description:A security vulnerability is present in the Windows XP version of Help and Support Center, and results because a file intended only for use by the system is instead available for use by any web page.
Bulletin: MS02-061
Title: Elevation of Privilege in SQL Server Web Tasks
Risk: Critical
Advisory:
Description:An attacker who is able to authenticate to a SQL server could delete, insert or update all the web tasks created by other users. In addition, the attacker could run already created web tasks in the context of the creator of the web task.