Vigil@nce: IE, vulnerabilities in several ActiveX controls, September 2008
September 2008 by Vigil@nce
SYNTHESIS
Several ActiveX controls can be used by a remote attacker to cause
a denial of service or to execute code.
Gravity: 2/4
Consequences: user access/rights
Provenance: document
Means of attack: 1 attack
Ability of attacker: technician (2/4)
Confidence: unique source (2/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 01/09/2008
Identifier: VIGILANCE-VUL-8078
IMPACTED PRODUCTS
– Microsoft Internet Explorer [confidential versions]
DESCRIPTION
Several ActiveX controls can be used by a remote attacker to cause
a denial of service or to execute code.
An attacker can use the GetTextFile() method of the Friendly
Technologies fwRemoteCfg.dll ActiveX control to access the registry
database. [grav:2/4; BID-30939, BID-30940]
An attacker can trigger an overflow in the LogMeIn Remote Access
Utility RACtrl.dll ActiveX control in order to execute code.
[grav:2/4; BID-30923]
An attacker can trigger an overflow in the Najdi.si Toolbar
najdisitoolbar.dll ActiveX control in order to execute code.
[grav:2/4; BID-30922]
CHARACTERISTICS
Identifiers: BID-30922, BID-30923, BID-30939, BID-30940,
VIGILANCE-VUL-8078