| Vigil@nce describes vulnerabilities impacting your systems, and offers solutions to correct them. |
|
 |
|
|
|
vulnerability CVE-2008-0024 CVE-2008-2475 CVE-2009-2169
IE: vulnerabilities of several ActiveX of June 2009
Synthesis of the vulnerability
| Several ActiveX can be used by a remote attacker to generate a denial of service or to execute code. |
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Means of attack: 2 attacks.
Ability of attacker: beginner (1/4).
Confidence: confirmed by the editor (5/5).
Diffusion of the vulnerable configuration: high (3/3).
Number of vulnerabilities in this bulletin: 5.
Creation date: 10/06/2009.
Revision date: 17/06/2009.
|
Impacted products
Description of the vulnerability
Several ActiveX can be used by a remote attacker to generate a denial of service or to execute code.
An attacker can use a vulnerability of the MSCOMM32.OCX ATL Loader ActiveX in order to execute code on victim's computer. [severity:2/4; 969898, BID-35218, CVE-2008-0024, >]
An attacker can use a vulnerability of the Derivco Microgaming FlashXControl ActiveX in order to execute code on victim's computer. [severity:2/4; 969898, BID-35247, >]
An attacker can use a vulnerability of the eBay Enhanced Picture Services ActiveX in order to execute code on victim's computer. [severity:2/4; 969898, BID-35248, CVE-2008-2475, VU#983731, >]
An attacker can use the WriteTaskDataToIniFile() method of the McAfee Policy Manager naPolicyManager.dll ActiveX in order to create a file on victim's computer. [severity:1/4; BID-35404, >]
An attacker can use the FtpConnect() and FtpDownloadFile() methods of the Edraw PDF Viewer pdfviewer.ocx ActiveX in order to download a file on victim's computer. [severity:2/4; BID-35428, CVE-2009-2169, >] |
Characteristics
Title: IE: vulnerabilities of several ActiveX of June 2009
Identifiers: 969898, 973346, BID-35218, BID-35247, BID-35248, BID-35404, BID-35428, CVE-2008-0024, CVE-2008-2475, CVE-2009-2169, MS09-032, VIGILANCE-VUL-8785, VU#983731.
Url: https://vigilance.fr/tree/1/8785
|
Solutions for this vulnerability
Supplements
Vulnerability : MSCOMM32.OCX ATL Loader
An attacker can use a vulnerability of the MSCOMM32.OCX ATL Loader ActiveX in order to execute code on victim's computer.
Severity: 2/4.
Identifiers: 969898, BID-35218, CVE-2008-0024.
|
|
Vulnerability : Derivco Microgaming FlashXControl
An attacker can use a vulnerability of the Derivco Microgaming FlashXControl ActiveX in order to execute code on victim's computer.
Severity: 2/4.
Identifiers: 969898, BID-35247.
|
|
Vulnerability : eBay Enhanced Picture Services EPUWALcontrol.dll
An attacker can use a vulnerability of the eBay Enhanced Picture Services ActiveX in order to execute code on victim's computer.
Severity: 2/4.
Identifiers: 969898, BID-35248, CVE-2008-2475, VU#983731.
|
|
Vulnerability : McAfee Policy Manager naPolicyManager.dll
An attacker can use the WriteTaskDataToIniFile() method of the McAfee Policy Manager naPolicyManager.dll ActiveX in order to create a file on victim's computer.
Severity: 1/4.
Identifiers: BID-35404.
|
|
Vulnerability : Edraw PDF Viewer pdfviewer.ocx
An attacker can use the FtpConnect() and FtpDownloadFile() methods of the Edraw PDF Viewer pdfviewer.ocx ActiveX in order to download a file on victim's computer.
Severity: 2/4.
Identifiers: BID-35428, CVE-2009-2169.
|
|
|