Vigil@nce: IE, vulnerabilities of several ActiveX of June 2008
June 2008 by Vigil@nce
SYNTHESIS
Several ActiveX can be used by a remote attacker to generate a
denial of service or to execute code.
Gravity: 2/4
Consequences: user access/rights, data creation/edition
Provenance: document
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 04/06/2008
Identifier: VIGILANCE-VUL-7869
IMPACTED PRODUCTS
– Microsoft Internet Explorer [confidential versions]
DESCRIPTION
Several ActiveX can be used by a remote attacker to generate a
denial of service or to execute code.
An attacker can use the ServerList() method of Ourgame
GLIEDown2.dll ActiveX in order to execute code on victim’s
computer. [grav:2/4; BID-29446]
Several vulnerabilities of the HP Instant Support
HPISDataManager.dll ActiveX can be used by an attacker to execute
code on victim’s computer. [grav:2/4; c01422264, CSIS-RI-0003,
CVE-2007-5604, CVE-2007-5605, CVE-2007-5606, CVE-2007-5607,
CVE-2007-5610, CVE-2008-0952, CVE-2008-0953, HPSBMA02326,
SSRT071490, VU#190939, VU#221123, VU#526131, VU#558163, VU#754403, VU#857539, VU#949587, VU#998779]
An attacker can use the C6 Messenger Installation Url Downloader
ActiveX to upload a file to victim’s computer. [grav:2/4]
CHARACTERISTICS
Identifiers: BID-29446, c01422264, CSIS-RI-0003, CVE-2007-5604,
CVE-2007-5605, CVE-2007-5606, CVE-2007-5607, CVE-2007-5610,
CVE-2008-0952, CVE-2008-0953, HPSBMA02326, SSRT071490,
VIGILANCE-VUL-7869, VU#190939, VU#221123, VU#526131, VU#558163,
VU#754403, VU#857539, VU#949587, VU#998779