Vigil@nce: IE, vulnerabilities of several ActiveX of May 2009
May 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
Several ActiveX can be used by a remote attacker to generate a
denial of service or to execute code.
Severity: 2/4
Consequences: user access/rights, data reading, data
creation/edition, denial of service of client
Provenance: document
Means of attack: 2 attacks
Ability of attacker: beginner (1/4)
Confidence: multiples sources (3/5)
Diffusion of the vulnerable configuration: high (3/3)
Number of vulnerabilities in this bulletin: 7
Creation date: 06/05/2009
Revision date: 11/05/2009
IMPACTED PRODUCTS
– Microsoft Internet Explorer
DESCRIPTION OF THE VULNERABILITY
Several ActiveX can be used by a remote attacker to generate a
denial of service or to execute code.
An attacker can generate an overflow in the
OnBeforeVideoDownload() method of the BaoFeng mps.dll ActiveX in
order to execute code on victim’s computer. [grav:2/4; BID-34789]
An attacker can use the GetBackupLocationPath(), CallUninstall(),
SetupDeleteVolume(), CanUseEasySetup(), CallAddInitialProtection()
and CallTour() methods of the Norton Ghost Support module
Symantec.EasySetup.1 EasySetupInt.dll ActiveX in order to generate
a denial of service. [grav:1/4; BID-34696, CVE-2009-1517]
An attacker can use the Garmin Communicator Plug-In npGarmin.dll
ActiveX to connect to Garmin GPS products installed on victim’s
computer. [grav:1/4; BID-34858, CVE-2009-0194]
An attacker can generate an overflow in the CreateChinagames()
method of the Chinagames iGame CGAgent ActiveX in order to execute
code on victim’s computer. [grav:2/4; BID-34871]
An attacker can generate an overflow in the SetAttributeValue()
method of the BaoFeng mps.dll ActiveX in order to execute code on
victim’s computer. [grav:2/4; BID-34869]
An attacker can use several memory corruptions of the CycloMedia
CycloScopeLite ActiveX (ReturnConnection() method of
CM_ADOConnection.dll, CM_AddressInfoDBC.dll and
CM_RecordingLocationDBC.dll) in order to execute code on victim’s
computer. [grav:2/4; BID-34912]
An attakcer can use several buffer overflows of the Dafolo
DafoloControl ActiveX in order to execute code on victim’s
computer. [grav:2/4; BID-34900]
CHARACTERISTICS
Identifiers: BID-34696, BID-34789, BID-34858, BID-34869,
BID-34871, BID-34900, BID-34912, CVE-2009-0194, CVE-2009-1517, VIGILANCE-VUL-8694
http://vigilance.fr/vulnerability/IE-vulnerabilities-of-several-ActiveX-of-May-2009-8694