Vigil@nce: IE, vulnerabilities of several ActiveX of April 2009
April 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
Several ActiveX controls can be used by a remote attacker to cause a
denial of service or to execute code.
Severity: 2/4
Consequences: user access/rights, denial of service of client
Provenance: document
Means of attack: 1 attack
Ability of attacker: technician (2/4)
Confidence: confirmed by a trusted third party (4/5)
Diffusion of the vulnerable configuration: high (3/3)
Number of vulnerabilities in this bulletin: 4
Creation date: 01/04/2009
Revision dates: 03/04/2009, 06/04/2009
IMPACTED PRODUCTS
– Microsoft Internet Explorer
DESCRIPTION OF THE VULNERABILITY
Several ActiveX controls can be used by a remote attacker to cause a
denial of service or to execute code.
An attacker can trigger an overflow in the SaveViewToSessionFile()
method of the SAP AG SAPgui EAI webviewer3d.dll ActiveX control (Siemens
Unigraphics Solutions Teamcenter Visualization EAI WebViewer3D) in
order to execute code on the victim's computer. [grav:2/4; 1153794,
BID-34310, CVE-2007-4475, REJ-2009-1205, VU#985449]
An attacker can use the SaveBarCode() and SaveEnhWMF() methods of
the PrecisionID DMATRIXLib.Datamatrix ActiveX control in order to create
a file on the victim's computer. [grav:1/4; BID-34322, CVE-2009-1212,
DSECRG-09-030]
An attacker can use the Src, Background and PackageXml parameters
to trigger an overflow in the Autodesk IDrop.ocx ActiveX control in order
to execute code on the victim's computer. [grav:2/4]
The Particle Software IntraLaunch.ocx ActiveX control is designed to
execute commands requested by a remote web site. [grav:2/4;
BID-34395, CVE-2009-0218, VU#908801]
CHARACTERISTICS
Identifiers: 1153794, BID-34310, BID-34322, BID-34395,
CVE-2007-4475, CVE-2009-0218, CVE-2009-1212, DSECRG-09-030,
REJ-2009-1205, VIGILANCE-VUL-8580, VU#908801, VU#985449
http://vigilance.fr/vulnerability/IE-vulnerabilities-of-several-ActiveX-of-April-2009-8580