Vigil@nce: IE, vulnerabilities of several ActiveX of July 2009
July 2009 by Vigil@nce
Several ActiveX controls can be used by a remote attacker to cause a
denial of service or to execute code.
– Severity: 2/4
– Consequences: user access/rights, denial of service
– Provenance: document
– Means of attack: 2 attacks
– Ability of attacker: beginner (1/4)
– Confidence: multiple sources (3/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Number of vulnerabilities in this bulletin: 3
– Creation date: 20/07/2009
– Revision date: 23/07/2009
IMPACTED PRODUCTS
– Microsoft Internet Explorer
DESCRIPTION OF THE VULNERABILITY
Several ActiveX controls can be used by a remote attacker to cause a
denial of service or to execute code.
An attacker can trigger an overflow in the PrinterName parameter
of the Avax Vector avPreview.ocx ActiveX control, in order to execute
code on the victim’s computer. [grav:2/4; BID-35583, CVE-2009-2377]
An attacker can use the CreateFolder() and Copy() methods of the
COMRaider iDefense Labs ActiveX control in order to create a directory
or to copy a file. [grav:1/4; BID-35725]
An attacker can use the Akamai Download Manager 2.2.3.7 ActiveX control
in order to execute code on the victim’s computer. [grav:2/4; 2009-0001,
BID-35778, CVE-2009-2582]
CHARACTERISTICS
– Identifiers: 2009-0001, BID-35583, BID-35725, BID-35778,
CVE-2009-2377, CVE-2009-2582, VIGILANCE-VUL-8874
– Url: http://vigilance.fr/vulnerability/IE-vulnerabilities-of-several-ActiveX-of-July-2009-8874