Microsoft Visual Studio Two ActiveX Controls Insecure Methods

Posted on Friday, September 14, 2007 @ 15:09:40 PDT in Security
by Raven

SECUNIA ADVISORY ID: SA26779

VERIFY ADVISORY: http://secunia.com/advisories/26779/

CRITICAL: Highly critical

IMPACT: Manipulation of data, System access

WHERE: >From remote

SOFTWARE:
Microsoft Visual Studio 6 Professional - http://secunia.com/product/409/
Microsoft Visual Studio 6 Enterprise - http://secunia.com/product/408/

DESCRIPTION: shinnai has reported some vulnerabilities in Microsoft Visual Studio, which can be exploited by malicious people to overwrite arbitrary files or potentially compromise a vulnerable system.

1) The "StartProcess()" and "SyncShell()" methods of the PDWizard.ocx ActiveX control can be exploited to execute arbitrary commands on the system. Other insecure methods have also been reported e.g. "SaveAs()", "CABDefaultURL()", "CABFileName()", and "CABRunFile()".

2) The "Load()" and "SaveAs()" methods of the VBTOVSI.DLL ActiveX control can be exploited to e.g. load a local file and save it in an arbitrary location or overwrite an arbitrary file.

The vulnerabilities are reported in version 6.0. Other versions may also be affected.

SOLUTION: Set the kill-bit for the ActiveX controls.

PROVIDED AND/OR DISCOVERED BY: shinnai

ORIGINAL ADVISORY:
http://shinnai.altervista.org/exploits/txt/TXT_AZJ5bXwXvMARqwtfe97I.html
http://shinnai.altervista.org/exploits/txt/TXT_qwFZc3a35RLy5AGxVBjJ.html
 
 
click Related        click Share
 
 
Associated Topics

Microsoft
 
News ©

Site Info v2.2.2

Last SeenLast Seen
Server TrafficServer Traffic
  • Total: 358,989,469
  • Today: 44,033
Server InfoServer Info
  • Jun 21, 2018
  • 09:03 am PDT
 
 

Daily Inspiration