| The Vigil@nce team watches vulnerabilities impacting your computers, and then offers solutions, a database and tools to correct them. |
|
 |
|
|
|
vulnerability CVE-2008-0024 CVE-2008-2475 CVE-2009-2169
IE: vulnerabilities of several ActiveX of June 2009
Synthesis of the vulnerability
| Several ActiveX can be used by a remote attacker to generate a denial of service or to execute code. |
Severity: 2/4.
Creation date: 10/06/2009.
Revision date: 17/06/2009.
|
Impacted products
Description of the vulnerability
Several ActiveX can be used by a remote attacker to generate a denial of service or to execute code.
An attacker can use a vulnerability of the MSCOMM32.OCX ATL Loader ActiveX in order to execute code on victim's computer. [severity:2/4; 969898, BID-35218, CVE-2008-0024, >]
An attacker can use a vulnerability of the Derivco Microgaming FlashXControl ActiveX in order to execute code on victim's computer. [severity:2/4; 969898, BID-35247, >]
An attacker can use a vulnerability of the eBay Enhanced Picture Services ActiveX in order to execute code on victim's computer. [severity:2/4; 969898, BID-35248, CVE-2008-2475, VU#983731, >]
An attacker can use the WriteTaskDataToIniFile() method of the McAfee Policy Manager naPolicyManager.dll ActiveX in order to create a file on victim's computer. [severity:1/4; BID-35404, >]
An attacker can use the FtpConnect() and FtpDownloadFile() methods of the Edraw PDF Viewer pdfviewer.ocx ActiveX in order to download a file on victim's computer. [severity:2/4; BID-35428, CVE-2009-2169, >] |
Share this bulletin
Complete Vigil@nce bulletin
Characteristics
Title: IE: vulnerabilities of several ActiveX of June 2009.
Keywords: 2009 969898 983731 ATL ActiveX Derivco Edraw Enhanced FlashXControl FtpConnect FtpDownloadFile June Loader MSCOMM32 Manager McAfee Microgaming PDF Picture Policy Services Viewer WriteTaskDataToIniFile eBay naPolicyManager several vulnerabilities.
Identifiers: 969898, 973346, BID-35218, BID-35247, BID-35248, BID-35404, BID-35428, CVE-2008-0024, CVE-2008-2475, CVE-2009-2169, MS09-032, VIGILANCE-VUL-8785, VU#983731.
|
Solutions for this vulnerability
Supplements
Vulnerability : MSCOMM32.OCX ATL Loader
An attacker can use a vulnerability of the MSCOMM32.OCX ATL Loader ActiveX in order to execute code on victim's computer.
Severity: 2/4.
Identifiers: 969898, BID-35218, CVE-2008-0024.
|
|
Vulnerability : Derivco Microgaming FlashXControl
An attacker can use a vulnerability of the Derivco Microgaming FlashXControl ActiveX in order to execute code on victim's computer.
Severity: 2/4.
Identifiers: 969898, BID-35247.
|
|
Vulnerability : eBay Enhanced Picture Services EPUWALcontrol.dll
An attacker can use a vulnerability of the eBay Enhanced Picture Services ActiveX in order to execute code on victim's computer.
Severity: 2/4.
Identifiers: 969898, BID-35248, CVE-2008-2475, VU#983731.
|
|
Vulnerability : McAfee Policy Manager naPolicyManager.dll
An attacker can use the WriteTaskDataToIniFile() method of the McAfee Policy Manager naPolicyManager.dll ActiveX in order to create a file on victim's computer.
Severity: 1/4.
Identifiers: BID-35404.
|
|
Vulnerability : Edraw PDF Viewer pdfviewer.ocx
An attacker can use the FtpConnect() and FtpDownloadFile() methods of the Edraw PDF Viewer pdfviewer.ocx ActiveX in order to download a file on victim's computer.
Severity: 2/4.
Identifiers: BID-35428, CVE-2009-2169.
|
|
Computer vulnerabilities tracking service
Vigil@nce provides a systems vulnerabilities workaround. The Vigil@nce vulnerability database contains several thousand vulnerabilities. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The technology watch team tracks security threats targeting the computer system.
|
