Orange Business Services
Vigil@nce Vigil@nce Vigil@nce
we track for your security since 1999
 home presentation vulnerabilities documentation contact  
subscriber area subscriber area
free access free access
Vigil@nce team describes computer vulnerabilities impacting your systems, and offers solutions to correct them.
recent vulnerabilities recent vulnerabilities
tracked products tracked products
RSS feed RSS feed
vulnerability

vulnerability note CVE-2009-1567 CVE-2009-4219

IE: vulnerabilities of several ActiveX of December 2009

Synthesis of the vulnerability

Several ActiveX can be used by a remote attacker to generate a denial of service or to execute code.
Severity: 2/4.
Creation date: 01/12/2009.
Revision date: 03/12/2009.

Description of the vulnerability

Several ActiveX can be used by a remote attacker to generate a denial of service or to execute code.

An attacker can generate an overflow in the URL property of the Haihaisoft Universal Player MyActiveX.ocx ActiveX in order to generate a denial of service or to execute code on victim's computer. [severity:2/4; BID-37151, CVE-2009-4219, >]

An attacker can generate an overflow in numerous properties (LogURL, ConnectURL, SkinURL, AlbumCreateURL, ErrorURL and httpsinglehost) of the Lateral Arts Photobox Uploader ActiveX in order to generate a denial of service or to execute code on victim's computer. [severity:2/4; BID-37187, CVE-2009-1567, >]

Complete Vigil@nce bulletin

Access to the complete Vigil@nce bulletin

Characteristics

Title: IE: vulnerabilities of several ActiveX of December 2009.
Keywords: 2009 ActiveX AlbumCreateURL Arts ConnectURL December ErrorURL Haihaisoft Lateral LogURL MyActiveX Photobox Player SkinURL URL Universal Uploader several vulnerabilities.
Identifiers: BID-37151, BID-37187, CVE-2009-1567, CVE-2009-4219, VIGILANCE-VUL-9229.

Solutions for this vulnerability

Patch or workaround

Supplements

Vulnerability : Haihaisoft Universal Player MyActiveX.ocx

An attacker can generate an overflow in the URL property of the Haihaisoft Universal Player MyActiveX.ocx ActiveX in order to generate a denial of service or to execute code on victim's computer.
Severity: 2/4.
Identifiers: BID-37151, CVE-2009-4219.
Publications and announces
Source example: Haihaisoft Universal Player ActiveX Control Remote Buffer Overflow

Vulnerability : Lateral Arts Photobox Uploader ActiveX Control

An attacker can generate an overflow in numerous properties (LogURL, ConnectURL, SkinURL, AlbumCreateURL, ErrorURL and httpsinglehost) of the Lateral Arts Photobox Uploader ActiveX in order to generate a denial of service or to execute code on victim's computer.
Severity: 2/4.
Identifiers: BID-37187, CVE-2009-1567.
Publications and announces
Source example: Lateral Arts uploader ActiveX Control Buffer Overflow

Attack

Exploit 0day or proof of concept

Computer vulnerabilities tracking service

The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.
The Vigil@nce vulnerability database contains several thousand vulnerabilities.
This bulletin is published by the Vigil@nce team, which tracks computer vulnerabilities impacting systems and applications.
Computer vulnerability database



















France Télécom Copyright 1999-2010 Vigil@nce. Vigil@nce is a service from Orange Business Services. Site map. Legal notice. Version française