Vigil@nce: IE, vulnerabilities of several ActiveX of June 2009
June 2009 by Vigil@nce
Several ActiveX can be used by a remote attacker to generate a
denial of service or to execute code.
Severity: 2/4
Consequences: user access/rights
Provenance: document
Means of attack: 1 attack
Ability of attacker: technician (2/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Number of vulnerabilities in this bulletin: 4
Creation date: 10/06/2009
Revision date: 17/06/2009
IMPACTED PRODUCTS
– Microsoft Internet Explorer
DESCRIPTION OF THE VULNERABILITY
Several ActiveX can be used by a remote attacker to generate a
denial of service or to execute code.
An attacker can use a vulnerability of the MSCOMM32.OCX ATL Loader
ActiveX in order to execute code on victim’s computer. [grav:2/4;
969898, BID-35218, CVE-2008-0024]
An attacker can use a vulnerability of the Derivco Microgaming
FlashXControl ActiveX in order to execute code on victim’s
computer. [grav:2/4; 969898, BID-35247]
An attacker can use a vulnerability of the eBay Enhanced Picture
Services ActiveX in order to execute code on victim’s computer.
[grav:2/4; 969898, BID-35248, CVE-2008-2475, VU#983731]
An attacker can use the WriteTaskDataToIniFile() method of the
McAfee Policy Manager naPolicyManager.dll ActiveX in order to
create a file on victim’s computer. [grav:1/4]
CHARACTERISTICS
Identifiers: 969898, BID-35218, BID-35247, BID-35248,
CVE-2008-0024, CVE-2008-2475, VIGILANCE-VUL-8785, VU#983731
http://vigilance.fr/vulnerability/IE-vulnerabilities-of-several-ActiveX-of-June-2009-8785