Freely subscribe to our NEWSLETTER

SYNTHESIS OF THE VULNERABILITY

Several ActiveX can be used by a remote attacker to generate a
denial of service or to execute code.

Severity: 2/4

Consequences: user access/rights, denial of service of client

Provenance: document

Means of attack: 1 attack

Ability of attacker: technician (2/4)

Confidence: confirmed by a trusted third party (4/5)

Diffusion of the vulnerable configuration: high (3/3)

Number of vulnerabilities in this bulletin: 4

Creation date: 01/04/2009

Revisions dates: 03/04/2009, 06/04/2009

IMPACTED PRODUCTS

– Microsoft Internet Explorer

DESCRIPTION OF THE VULNERABILITY

Several ActiveX can be used by a remote attacker to generate a
denial of service or to execute code.

An attacker can create an overflow in the SaveViewToSessionFile()
method of the SAP AG SAPgui EAI webviewer3d.dll ActiveX (Siemens
Unigraphics Solutions Teamcenter Visualization EAI WebViewer3D) in
order to execute code on victim’s computer. [grav:2/4; 1153794,
BID-34310, CVE-2007-4475, REJ-2009-1205, VU#985449]

An attacker can use the SaveBarCode() and SaveEnhWMF() methods of
the PrecisionID DMATRIXLib.Datamatrix ActiveX in order to create a
file on victim’s computer. [grav:1/4; BID-34322, CVE-2009-1212,
DSECRG-09-030]

An attacker can use the Src, Background and PackageXml parameters
to generate an overflow in the Autodesk IDrop.ocx ActiveX in order
to execute code on victim’s computer. [grav:2/4]

The Particle Software IntraLaunch.ocx ActiveX is conceived to
execute commands requested by a remote web site. [grav:2/4;
BID-34395, CVE-2009-0218, VU#908801]

CHARACTERISTICS

Identifiers: 1153794, BID-34310, BID-34322, BID-34395,
CVE-2007-4475, CVE-2009-0218, CVE-2009-1212, DSECRG-09-030,
REJ-2009-1205, VIGILANCE-VUL-8580, VU#908801, VU#985449

http://vigilance.fr/vulnerability/IE-vulnerabilities-of-several-ActiveX-of-April-2009-8580