Orange Business Services
Vigil@nce Vigil@nce Vigil@nce
we track for your security since 1999
 home presentation vulnerabilities documentation contact  
subscriber area subscriber area
free access free access
Vigil@nce team describes computer vulnerabilities impacting your systems, and offers solutions to correct them.
recent vulnerabilities recent vulnerabilities
tracked products tracked products
RSS feed RSS feed
vulnerability

vulnerability CVE-2008-0024 CVE-2008-2475 CVE-2009-2169

IE: vulnerabilities of several ActiveX of June 2009

Synthesis of the vulnerability

Several ActiveX can be used by a remote attacker to generate a denial of service or to execute code.
Severity: 2/4.
Creation date: 10/06/2009.
Revision date: 17/06/2009.

Description of the vulnerability

Several ActiveX can be used by a remote attacker to generate a denial of service or to execute code.

An attacker can use a vulnerability of the MSCOMM32.OCX ATL Loader ActiveX in order to execute code on victim's computer. [severity:2/4; 969898, BID-35218, CVE-2008-0024, >]

An attacker can use a vulnerability of the Derivco Microgaming FlashXControl ActiveX in order to execute code on victim's computer. [severity:2/4; 969898, BID-35247, >]

An attacker can use a vulnerability of the eBay Enhanced Picture Services ActiveX in order to execute code on victim's computer. [severity:2/4; 969898, BID-35248, CVE-2008-2475, VU#983731, >]

An attacker can use the WriteTaskDataToIniFile() method of the McAfee Policy Manager naPolicyManager.dll ActiveX in order to create a file on victim's computer. [severity:1/4; BID-35404, >]

An attacker can use the FtpConnect() and FtpDownloadFile() methods of the Edraw PDF Viewer pdfviewer.ocx ActiveX in order to download a file on victim's computer. [severity:2/4; BID-35428, CVE-2009-2169, >]

Complete Vigil@nce bulletin

Access to the complete Vigil@nce bulletin

Characteristics

Title: IE: vulnerabilities of several ActiveX of June 2009.
Keywords: 2009 969898 983731 ATL ActiveX Derivco Edraw Enhanced FlashXControl FtpConnect FtpDownloadFile June Loader MSCOMM32 Manager McAfee Microgaming PDF Picture Policy Services Viewer WriteTaskDataToIniFile eBay naPolicyManager several vulnerabilities.
Identifiers: 969898, 973346, BID-35218, BID-35247, BID-35248, BID-35404, BID-35428, CVE-2008-0024, CVE-2008-2475, CVE-2009-2169, MS09-032, VIGILANCE-VUL-8785, VU#983731.

Solutions for this vulnerability

Patch or workaround

Supplements

Vulnerability : MSCOMM32.OCX ATL Loader

An attacker can use a vulnerability of the MSCOMM32.OCX ATL Loader ActiveX in order to execute code on victim's computer.
Severity: 2/4.
Identifiers: 969898, BID-35218, CVE-2008-0024.
Publications and announces
Source example: Microsoft Security Advisory (969898) Update Rollup for ActiveX Kill Bits

Vulnerability : Derivco Microgaming FlashXControl

An attacker can use a vulnerability of the Derivco Microgaming FlashXControl ActiveX in order to execute code on victim's computer.
Severity: 2/4.
Identifiers: 969898, BID-35247.
Publications and announces
Source example: Microsoft Security Advisory (969898) Update Rollup for ActiveX Kill Bits

Vulnerability : eBay Enhanced Picture Services EPUWALcontrol.dll

An attacker can use a vulnerability of the eBay Enhanced Picture Services ActiveX in order to execute code on victim's computer.
Severity: 2/4.
Identifiers: 969898, BID-35248, CVE-2008-2475, VU#983731.
Publications and announces
Source example: Microsoft Security Advisory (969898) Update Rollup for ActiveX Kill Bits

Vulnerability : McAfee Policy Manager naPolicyManager.dll

An attacker can use the WriteTaskDataToIniFile() method of the McAfee Policy Manager naPolicyManager.dll ActiveX in order to create a file on victim's computer.
Severity: 1/4.
Identifiers: BID-35404.
Publications and announces

Vulnerability : Edraw PDF Viewer pdfviewer.ocx

An attacker can use the FtpConnect() and FtpDownloadFile() methods of the Edraw PDF Viewer pdfviewer.ocx ActiveX in order to download a file on victim's computer.
Severity: 2/4.
Identifiers: BID-35428, CVE-2009-2169.
Publications and announces

Attack

Exploit 0day or proof of concept

Attack

Exploit 0day or proof of concept

Computer vulnerabilities tracking service

The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.
The Vigil@nce vulnerability database contains several thousand vulnerabilities.
This bulletin is published by the Vigil@nce team, which tracks computer vulnerabilities impacting systems and applications.
Computer vulnerabilities tracking service



















France Télécom Copyright 1999-2010 Vigil@nce. Vigil@nce is a service from Orange Business Services. Site map. Legal notice. Version française