Vigil@nce: IE, vulnerabilities of several ActiveX of January 2009
January 2009 by Vigil@nce
Several ActiveX can be used by a remote attacker to generate a
denial of service or to execute code.
– Gravity: 2/4
– Consequences: user access/rights, data reading, data
creation/edition
– Provenance: document
– Means of attack: 2 attacks
– Ability of attacker: beginner (1/4)
– Confidence: multiples sources (3/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Number of vulnerabilities in this bulletin: 7
– Creation date: 07/01/2009
– Revision date: 13/01/2009
IMPACTED PRODUCTS
– Microsoft Internet Explorer
DESCRIPTION OF THE VULNERABILITY
Several ActiveX can be used by a remote attacker to generate a
denial of service or to execute code.
An attacker can generate an overflow in the AddTab() method of the
ComponentOne SizerOne c1sizer.ocx ActiveX in order to execute code
on victim’s computer. [grav:2/4; BID-33148, CVE-2008-4827]
An attacker can generate an overflow in the AddTab() method of the
TSC2 Help Desk CTab c1sizer.ocx ActiveX in order to execute code
on victim’s computer. [grav:2/4; BID-33148, CVE-2008-4827]
An attacker can generate an overflow in the AddTab() method of the
SAP GUI TabOn sizerone.ocx ActiveX in order to execute code on
victim’s computer. [grav:2/4; BID-33148, CVE-2008-4827]
An attacker can use the Save() and HttpDownloadFile() methods of
the Excel Viewer OCX 3.2 ActiveX in order to alter a file on
victim’s computer. [grav:1/4; BID-33222]
An attacker can use the SaveToFile() method of the Ciansoft
PDFBuilderX ActiveX in order to create a file on victim’s
computer. [grav:2/4]
An attacker can use the Save() method of the PowerPoint Viewer
ActiveX in order to create a file on victim’s computer. [grav:1/4]
An attacker can use the OpenWebFile() method of the PowerPoint
Viewer ActiveX in order to execute code on victim’s computer.
[grav:2/4]
CHARACTERISTICS
– Identifiers: BID-33148, BID-33222, CVE-2008-4827,
VIGILANCE-VUL-8375
– Url: http://vigilance.fr/vulnerability/IE-vulnerabilities-of-several-ActiveX-of-January-2009-8375