Freely subscribe to our NEWSLETTER

– Gravity: 2/4
– Consequences: user access/rights, data reading, data
creation/edition
– Provenance: document
– Means of attack: 2 attacks
– Ability of attacker: beginner (1/4)
– Confidence: multiples sources (3/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Number of vulnerabilities in this bulletin: 7
– Creation date: 07/01/2009
– Revision date: 13/01/2009

IMPACTED PRODUCTS

– Microsoft Internet Explorer

DESCRIPTION OF THE VULNERABILITY

Several ActiveX can be used by a remote attacker to generate a
denial of service or to execute code.

An attacker can generate an overflow in the AddTab() method of the
ComponentOne SizerOne c1sizer.ocx ActiveX in order to execute code
on victim’s computer. [grav:2/4; BID-33148, CVE-2008-4827]

An attacker can generate an overflow in the AddTab() method of the
TSC2 Help Desk CTab c1sizer.ocx ActiveX in order to execute code
on victim’s computer. [grav:2/4; BID-33148, CVE-2008-4827]

An attacker can generate an overflow in the AddTab() method of the
SAP GUI TabOn sizerone.ocx ActiveX in order to execute code on
victim’s computer. [grav:2/4; BID-33148, CVE-2008-4827]

An attacker can use the Save() and HttpDownloadFile() methods of
the Excel Viewer OCX 3.2 ActiveX in order to alter a file on
victim’s computer. [grav:1/4; BID-33222]

An attacker can use the SaveToFile() method of the Ciansoft
PDFBuilderX ActiveX in order to create a file on victim’s
computer. [grav:2/4]

An attacker can use the Save() method of the PowerPoint Viewer
ActiveX in order to create a file on victim’s computer. [grav:1/4]

An attacker can use the OpenWebFile() method of the PowerPoint
Viewer ActiveX in order to execute code on victim’s computer.
[grav:2/4]

CHARACTERISTICS

– Identifiers: BID-33148, BID-33222, CVE-2008-4827,
VIGILANCE-VUL-8375
– Url: http://vigilance.fr/vulnerability/IE-vulnerabilities-of-several-ActiveX-of-January-2009-8375