Vigil@nce: IE, vulnerabilities of several ActiveX of August 2008
September 2008 by Vigil@nce
Several ActiveX can be used by a remote attacker to generate a
denial of service or to execute code.
– Gravity: 2/4
– Consequences: user access/rights, data reading, data
creation/edition
– Provenance: document
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 29/08/2008
– Identifier: VIGILANCE-VUL-8074
IMPACTED PRODUCTS
– Microsoft Internet Explorer [confidential versions]
– VMware ACE [confidential versions]
– VMware Player [confidential versions]
– VMware Server [confidential versions]
– VMware Workstation [confidential versions]
DESCRIPTION
Several ActiveX can be used by a remote attacker to generate a
denial of service or to execute code.
Several vulnerabilities were announced in VMware ActiveX.
[grav:2/4; CVE-2007-5438, CVE-2008-3691, CVE-2008-3692,
CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, CVE-2008-3696]
An attacker can use a long Mask parameter in order to create a
buffer overflow in the Microsoft Visual Studio Msmask32.ocx
ActiveX. [grav:2/4; BID-30674, CVE-2008-3704]
An attacker can create an overflow in the HttpUpload() method of
the Ultra Office ActiveX in order to execute code on victim’s
computer. [grav:2/4]
An attacker can create an overflow in the CreateURLShortcut()
method of Friendly Technologies fwRemoteCfg.dll ActiveX in order
to execute code. [grav:2/4; BID-30891]
An attacker can use the RunApp() method of Friendly Technologies
fwRemoteCfg.dll ActiveX in order to execute a command. [grav:2/4;
BID-30889]
An attacker can generate an overflow in the NewObject() method of
Cisco WebEx Meeting Manager WebexUCFObject atucfobj.dll ActiveX in
order to execute code on victim’s computer. [grav:2/4; 107751,
BID-30578, cisco-sa-20080814-webex, CVE-2008-3558, REJ-2008-2737,
VU#661827]
Several buffer overflows of the SoftArtisans XFile FileManager
ActiveX can be used by an attacker to execute code. [grav:2/4;
BID-30826, CVE-2007-1682, VU#914785]
An attacker can use an overflow in the ReadGIF() method of
JComSoft Animation GIF AniGIF.ocx ActiveX in order to execute code
on victim’s computer. [grav:2/4; BID-30621, CVE-2008-3702]
CHARACTERISTICS
– Identifiers: 107751, BID-30578, BID-30621, BID-30674, BID-30826,
BID-30889, BID-30891, cisco-sa-20080814-webex, CVE-2007-1682,
CVE-2007-5438, CVE-2008-3558, CVE-2008-3691, CVE-2008-3692,
CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, CVE-2008-3696,
CVE-2008-3702, CVE-2008-3704, REJ-2008-2737, VIGILANCE-VUL-8074,
VU#661827, VU#914785
– Url: https://vigilance.aql.fr/tree/1/8074