
Vigil@nce: IE, vulnerabilities of several ActiveX of December 2008

December 2008 by Vigil@nce

SYNTHESIS

Several ActiveX controls can be used by a remote attacker to cause a
denial of service or to execute code.

Gravity: 2/4

Consequences: user access/rights, data reading, data
creation/edition

Provenance: document

Means of attack: 2 attacks

Ability of attacker: beginner (1/4)

Confidence: confirmed by a trusted third party (4/5)

Diffusion of the vulnerable configuration: high (3/3)

Number of vulnerabilities in this bulletin: 6

Creation date: 09/12/2008

Revision date: 15/12/2008

IMPACTED PRODUCTS

 Microsoft Internet Explorer

DESCRIPTION

Several ActiveX controls can be used by a remote attacker to cause a
denial of service or to execute code.

An attacker can trigger a buffer overflow in the BlackBerry
Desktop Manager Roxio Media Manager ActiveX in order to execute
code on the victim’s computer. [grav:2/4; CVE-2007-0328, KB16469,
VU#524681]

An attacker can use a buffer overflow in the SetSource() method of
the Linksys WVC54GC NetCamPlayerWeb11gv2 ActiveX in order to
execute code on the victim’s computer. [grav:2/4; BID-32665,
CVE-2008-4391, VU#639345]

An attacker can use the extractPagesToFile() method of the
Visagesoft eXPert PDF EditorX ActiveX in order to create a file on
the victim’s computer. [grav:1/4; BID-32664]

An attacker can use the HttpDownloadFile() method of the
FlexCell.Grid ActiveX in order to create a file on the victim’s
computer. [grav:1/4; BID-32443, CVE-2008-5404]

An attacker can trigger an overflow in the CreateStore() method of
the EasyMail MailStore Object emmailstore.dll ActiveX in order to
execute code on the victim’s computer. [grav:2/4]

An attacker can trigger an overflow in the RemoteAddress,
ProxyPrefix, ProxyName, Password, ProxyBypassList, LoginName and
CurrentDirectory properties of the Evans Programming EvansFTP.ocx
ActiveX in order to execute code on the victim’s computer. [grav:2/4]

CHARACTERISTICS

Identifiers: BID-32443, BID-32664, BID-32665, CVE-2007-0328,
CVE-2008-4391, CVE-2008-5404, KB16469, VIGILANCE-VUL-8297, VU#524681, VU#639345

http://vigilance.fr/vulnerability/8297

