funsec mailing list archives

Previous By Date Next
Previous By Thread Next

A modest proposal for a public ActiveX kill-bit list

From: <rms () computerbytesman com>
Date: Fri, 29 Jun 2007 14:57:27 -0400
Hello,

 

I would like to see someone (US-CERT perhaps?), publish a simple text file
on the Web that lists classids of ActiveX controls with known security
problems.  This list can then be used by a security product and admin script
to harden a Windows system by turning on the kill-bits for any of controls
which are on the list and installed on the system.  To start the kill-bit
list, I have attached a list of Google news alerts about many different
ActiveX security problems from the last month.  Many of the advisories
provide the classids of controls to be killed.

 

By having such a list, systems can be protected from ActiveX exploits even
if vendors don't have patches available yet.  In addition, in too many
cases, ActiveX security patches aren't much value because there is no
automatic mechanism to install the patches.

 

Richard M. Smith

Boston Software Forensics

 

  _____  

 

TITLE: NCTsoft <http://www.secuobs.com/secumail/snsecumail/msg06330.shtml>
Products NCTWMAFile2 ActiveX Control "CreateFile ...
SecuObs - France
The vulnerability is caused due to the NCTWMAFile2 (NCTWMAFile2.dll) ActiveX
control including the insecure "CreateFile()" method, which creates a file
...

 

RKD Software BarCode  <http://www.frsirt.com/english/advisories/2007/2305>
ActiveX Control "BeginPrint()" Code Execution ...
FrSIRT - Montpellier,France
A vulnerability has been identified in RKD Software BarCode ActiveX Control,
which could be exploited by remote attackers to cause a denial of service or
...

 

RealNetworks <http://www.frsirt.com/english/advisories/2007/2261>  GameHouse
dldisplay ActiveX Remote Code Execution ...
FrSIRT - Montpellier,France
Multiple vulnerabilities have been identified in RealNetworks GameHouse
dldisplay ActiveX control, which could be exploited by remote attackers to
take ...

 

TITLE: Novell <http://www.secuobs.com/secumail/snsecumail/msg06225.shtml>
exteNd Director LocalExec ActiveX Control "launch ...
SecuObs - France
The vulnerability is caused due to the LocalExec (LocalExec.ocx) ActiveX
control including the insecure "launch()" method, which can be exploited to
execute ...

 

Vulnerability in Microsoft <http://www.heise-security.co.uk/news/91229>
Office 2003 ActiveX control
heise Security - London,UK
The buffer overflow occurs if excess data is passed to the method of the
ActiveX control, and can be exploited to run arbitrary code in the context
of the ...

 

TITLE: HP PSC <http://www.secuobs.com/secumail/snsecumail/msg06359.shtml>
All-in-One Series XMLData ActiveX Control ...
SecuObs - France
XMLData.1 (hpqxml.dll) ActiveX control including the "saveXMLAsFile()"
insecure method, which creates a file specified as an argument. ...

 

TITLE: TEC-IT <http://www.secuobs.com/secumail/snsecumail/msg06166.shtml>
TBarCode TBarCode7 ActiveX Control "SaveImage ...
SecuObs - France
DESCRIPTION: shinnai has reported a vulnerability in TEC-IT's TBarCode
TBarCode7 ActiveX control, which can be exploited by malicious people to
overwrite ...

Microsoft Speech Hit <http://www.pcworld.in/news/index.jsp/artId=5701651>
by Serious Flaws
PC World India - Bangalore,Karnataka,India
The ActiveX controls used by Microsoft Speech version 4.0a to interact with
Internet Explorer, xlisten.dll and xvoice.dll, could be exploited by a
specially ...

Corel ActiveCGM  <http://www.frsirt.com/english/advisories/2007/2191>
ActiveX Control Multiple Remote Command Execution ...
FrSIRT - Montpellier,France
These issues are caused by buffer overflow errors in the "acgm.dll" ActiveX
control when processing a malformed property or method, which could be
exploited ...

 

Websense
<http://www.itnewsonline.com/showstory.php?storyid=9964&scatid=6&contid=3>
Discovers Over 24 Sites Using Yahoo! Messenger Exploit Code
IT News Online - Mumbai,Maharashtra,India
Websense said that full proof-of-concept exploit code was published several
days ago for two vulnerabilities in an ActiveX control included with Yahoo!
...

 

Zoomify Viewer  <http://www.frsirt.com/english/advisories/2007/2142> ActiveX
Control Multiple Remote Command Execution ...
FrSIRT - Montpellier,France
Multiple vulnerabilities have been identified in Zoomify Viewer ActiveX
Control, which could be exploited by remote attackers to take complete
control of an ...

Macrovision FLEXnet <http://www.frsirt.com/english/advisories/2007/2070>
"boisweb" ActiveX Control Remote Buffer ...
FrSIRT - Montpellier,France
This issue is caused by a buffer overflow error in the "boisweb.dll" ActiveX
control when processing malformed arguments passed to the ...

E-Book Systems <http://www.frsirt.com/english/advisories/2007/2081>
FlipViewer ActiveX Multiple Remote Code Execution ...
FrSIRT - Montpellier,France
These issues are caused by buffer overflow errors in the "FlipViewerX.dll"
ActiveX control when processing a malformed "UID", "Opf", "PAGENO",
"LaunchMode", ...


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Previous By Date Next
Previous By Thread Next

Current thread: