funsec mailing list archives
A modest proposal for a public ActiveX kill-bit list
From: <rms () computerbytesman com>
Date: Fri, 29 Jun 2007 14:57:27 -0400
Hello, I would like to see someone (US-CERT perhaps?), publish a simple text file on the Web that lists classids of ActiveX controls with known security problems. This list can then be used by a security product and admin script to harden a Windows system by turning on the kill-bits for any of controls which are on the list and installed on the system. To start the kill-bit list, I have attached a list of Google news alerts about many different ActiveX security problems from the last month. Many of the advisories provide the classids of controls to be killed. By having such a list, systems can be protected from ActiveX exploits even if vendors don't have patches available yet. In addition, in too many cases, ActiveX security patches aren't much value because there is no automatic mechanism to install the patches. Richard M. Smith Boston Software Forensics _____ TITLE: NCTsoft <http://www.secuobs.com/secumail/snsecumail/msg06330.shtml> Products NCTWMAFile2 ActiveX Control "CreateFile ... SecuObs - France The vulnerability is caused due to the NCTWMAFile2 (NCTWMAFile2.dll) ActiveX control including the insecure "CreateFile()" method, which creates a file ... RKD Software BarCode <http://www.frsirt.com/english/advisories/2007/2305> ActiveX Control "BeginPrint()" Code Execution ... FrSIRT - Montpellier,France A vulnerability has been identified in RKD Software BarCode ActiveX Control, which could be exploited by remote attackers to cause a denial of service or ... RealNetworks <http://www.frsirt.com/english/advisories/2007/2261> GameHouse dldisplay ActiveX Remote Code Execution ... FrSIRT - Montpellier,France Multiple vulnerabilities have been identified in RealNetworks GameHouse dldisplay ActiveX control, which could be exploited by remote attackers to take ... TITLE: Novell <http://www.secuobs.com/secumail/snsecumail/msg06225.shtml> exteNd Director LocalExec ActiveX Control "launch ... SecuObs - France The vulnerability is caused due to the LocalExec (LocalExec.ocx) ActiveX control including the insecure "launch()" method, which can be exploited to execute ... Vulnerability in Microsoft <http://www.heise-security.co.uk/news/91229> Office 2003 ActiveX control heise Security - London,UK The buffer overflow occurs if excess data is passed to the method of the ActiveX control, and can be exploited to run arbitrary code in the context of the ... TITLE: HP PSC <http://www.secuobs.com/secumail/snsecumail/msg06359.shtml> All-in-One Series XMLData ActiveX Control ... SecuObs - France XMLData.1 (hpqxml.dll) ActiveX control including the "saveXMLAsFile()" insecure method, which creates a file specified as an argument. ... TITLE: TEC-IT <http://www.secuobs.com/secumail/snsecumail/msg06166.shtml> TBarCode TBarCode7 ActiveX Control "SaveImage ... SecuObs - France DESCRIPTION: shinnai has reported a vulnerability in TEC-IT's TBarCode TBarCode7 ActiveX control, which can be exploited by malicious people to overwrite ... Microsoft Speech Hit <http://www.pcworld.in/news/index.jsp/artId=5701651> by Serious Flaws PC World India - Bangalore,Karnataka,India The ActiveX controls used by Microsoft Speech version 4.0a to interact with Internet Explorer, xlisten.dll and xvoice.dll, could be exploited by a specially ... Corel ActiveCGM <http://www.frsirt.com/english/advisories/2007/2191> ActiveX Control Multiple Remote Command Execution ... FrSIRT - Montpellier,France These issues are caused by buffer overflow errors in the "acgm.dll" ActiveX control when processing a malformed property or method, which could be exploited ... Websense <http://www.itnewsonline.com/showstory.php?storyid=9964&scatid=6&contid=3> Discovers Over 24 Sites Using Yahoo! Messenger Exploit Code IT News Online - Mumbai,Maharashtra,India Websense said that full proof-of-concept exploit code was published several days ago for two vulnerabilities in an ActiveX control included with Yahoo! ... Zoomify Viewer <http://www.frsirt.com/english/advisories/2007/2142> ActiveX Control Multiple Remote Command Execution ... FrSIRT - Montpellier,France Multiple vulnerabilities have been identified in Zoomify Viewer ActiveX Control, which could be exploited by remote attackers to take complete control of an ... Macrovision FLEXnet <http://www.frsirt.com/english/advisories/2007/2070> "boisweb" ActiveX Control Remote Buffer ... FrSIRT - Montpellier,France This issue is caused by a buffer overflow error in the "boisweb.dll" ActiveX control when processing malformed arguments passed to the ... E-Book Systems <http://www.frsirt.com/english/advisories/2007/2081> FlipViewer ActiveX Multiple Remote Code Execution ... FrSIRT - Montpellier,France These issues are caused by buffer overflow errors in the "FlipViewerX.dll" ActiveX control when processing a malformed "UID", "Opf", "PAGENO", "LaunchMode", ...
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- A modest proposal for a public ActiveX kill-bit list rms (Jun 29)