The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerability announcement 10847

Dell OpenManage IT Assistant: information disclosure via detectIESettingsForITA.OCX

Synthesis of the vulnerability

An attacker can get the victim to open a malicious HTML page that calls the Dell OpenManage IT Assistant ActiveX control, in order to read the content of the registry.
Impacted systems: OpenManage.
Severity of this alert: 2/4.
Consequences of an intrusion: data reading.
Attacker's origin: document.
Creation date: 18/07/2011.
References of this alert: BID-48680, VIGILANCE-VUL-10847.

Description of the vulnerability

The Dell OpenManage IT Assistant product installs the detectIESettingsForITA.ocx ActiveX control, which detects the Internet Explorer configuration.

This ActiveX control reads Dell hives of the registry. However, the caller can choose the name of the hive to read, so an attacker can use it to read other values.

An attacker can therefore get the victim to open a malicious HTML page that calls the Dell OpenManage IT Assistant ActiveX control, in order to read the content of the registry.
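A host-side check for the control described above, written as an added example that is not part of the Vigil@nce bulletin or of Dell's software: it searches the machine-wide COM registrations for the OCX file name given in the bulletin and reports whether the Internet Explorer kill bit is set for each CLSID it finds. The bulletin gives no CLSID and names no fix, so the script discovers the CLSID itself, and the use of the kill bit as a mitigation is an assumption.

```powershell
# Added example (not from the bulletin): find where the OCX is registered as a
# COM server and report whether the Internet Explorer kill bit is set for it.
$OcxName = 'detectIESettingsForITA.ocx'   # file name taken from the bulletin
$KillBit = 0x400                          # "Compatibility Flags" bit that stops IE loading a control
$Compat  = 'SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'

function Get-OcxKillBitStatus {
    param([string]$FileName)
    # Check both registry views: 32-bit IE on 64-bit Windows uses the 32-bit view.
    $views = [Microsoft.Win32.RegistryView]::Registry64,
             [Microsoft.Win32.RegistryView]::Registry32
    foreach ($view in $views) {
        $hklm = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
                    [Microsoft.Win32.RegistryHive]::LocalMachine, $view)
        $root = $hklm.OpenSubKey('SOFTWARE\Classes\CLSID')
        if ($null -eq $root) { continue }
        foreach ($clsid in $root.GetSubKeyNames()) {
            try { $srv = $root.OpenSubKey("$clsid\InprocServer32") }
            catch { continue }            # key not readable by this account
            if ($null -eq $srv) { continue }
            $path = [string]$srv.GetValue('')   # default value = path of the DLL/OCX
            $srv.Close()
            if ($path -notlike "*$FileName*") { continue }
            $ck    = $hklm.OpenSubKey("$Compat\$clsid")
            $flags = if ($ck) { [int]$ck.GetValue('Compatibility Flags', 0) } else { 0 }
            [pscustomobject]@{
                View       = $view
                Clsid      = $clsid
                Path       = $path
                KillBitSet = [bool]($flags -band $KillBit)
            }
        }
        $hklm.Close()
    }
}

$found = @(Get-OcxKillBitStatus -FileName $OcxName)
if ($found.Count -eq 0) { "No machine-wide registration of $OcxName found." }
else { $found | Format-Table -AutoSize }
```

Per-user registrations under HKCU are not covered by this check. On a 32-bit system both views resolve to the same keys, so a registration is listed twice.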