| Vigil@nce team describes computer vulnerabilities impacting your systems, and offers solutions to correct them. |
|
 |
|
|
|
vulnerability CVE-2008-0024 CVE-2008-2475 CVE-2009-2169
IE: vulnerabilities of several ActiveX of June 2009
Synthesis of the vulnerability
| Several ActiveX can be used by a remote attacker to generate a denial of service or to execute code. |
Severity: 2/4.
Creation date: 10/06/2009.
Revision date: 17/06/2009.
|
Description of the vulnerability
Several ActiveX can be used by a remote attacker to generate a denial of service or to execute code.
An attacker can use a vulnerability of the MSCOMM32.OCX ATL Loader ActiveX in order to execute code on victim's computer. [severity:2/4; 969898, BID-35218, CVE-2008-0024, >]
An attacker can use a vulnerability of the Derivco Microgaming FlashXControl ActiveX in order to execute code on victim's computer. [severity:2/4; 969898, BID-35247, >]
An attacker can use a vulnerability of the eBay Enhanced Picture Services ActiveX in order to execute code on victim's computer. [severity:2/4; 969898, BID-35248, CVE-2008-2475, VU#983731, >]
An attacker can use the WriteTaskDataToIniFile() method of the McAfee Policy Manager naPolicyManager.dll ActiveX in order to create a file on victim's computer. [severity:1/4; BID-35404, >]
An attacker can use the FtpConnect() and FtpDownloadFile() methods of the Edraw PDF Viewer pdfviewer.ocx ActiveX in order to download a file on victim's computer. [severity:2/4; BID-35428, CVE-2009-2169, >] |
Complete Vigil@nce bulletin
Characteristics
Title: IE: vulnerabilities of several ActiveX of June 2009.
Keywords: 2009 969898 983731 ATL ActiveX Derivco Edraw Enhanced FlashXControl FtpConnect FtpDownloadFile June Loader MSCOMM32 Manager McAfee Microgaming PDF Picture Policy Services Viewer WriteTaskDataToIniFile eBay naPolicyManager several vulnerabilities.
Identifiers: 969898, 973346, BID-35218, BID-35247, BID-35248, BID-35404, BID-35428, CVE-2008-0024, CVE-2008-2475, CVE-2009-2169, MS09-032, VIGILANCE-VUL-8785, VU#983731.
|
Solutions for this vulnerability
Supplements
Vulnerability : MSCOMM32.OCX ATL Loader
An attacker can use a vulnerability of the MSCOMM32.OCX ATL Loader ActiveX in order to execute code on victim's computer.
Severity: 2/4.
Identifiers: 969898, BID-35218, CVE-2008-0024.
|
|
Vulnerability : Derivco Microgaming FlashXControl
An attacker can use a vulnerability of the Derivco Microgaming FlashXControl ActiveX in order to execute code on victim's computer.
Severity: 2/4.
Identifiers: 969898, BID-35247.
|
|
Vulnerability : eBay Enhanced Picture Services EPUWALcontrol.dll
An attacker can use a vulnerability of the eBay Enhanced Picture Services ActiveX in order to execute code on victim's computer.
Severity: 2/4.
Identifiers: 969898, BID-35248, CVE-2008-2475, VU#983731.
|
|
Vulnerability : McAfee Policy Manager naPolicyManager.dll
An attacker can use the WriteTaskDataToIniFile() method of the McAfee Policy Manager naPolicyManager.dll ActiveX in order to create a file on victim's computer.
Severity: 1/4.
Identifiers: BID-35404.
|
|
Vulnerability : Edraw PDF Viewer pdfviewer.ocx
An attacker can use the FtpConnect() and FtpDownloadFile() methods of the Edraw PDF Viewer pdfviewer.ocx ActiveX in order to download a file on victim's computer.
Severity: 2/4.
Identifiers: BID-35428, CVE-2009-2169.
|
|
Computer vulnerabilities tracking service
The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.
The Vigil@nce vulnerability database contains several thousand vulnerabilities.
This bulletin is published by the Vigil@nce team, which tracks computer vulnerabilities impacting systems and applications.
Computer vulnerabilities tracking service
|
