PCWorks: Internet Explorer daxctle.ocx "KeyFrame()" Method Vulnerability

Thread: PCWorks: Internet Explorer daxctle.ocx "KeyFrame()" Method Vulnerability

Search this list only Search all lists
PCWorks: Internet Explorer daxctle.ocx "KeyFrame()" Method Vulnerability
	2006-09-15 18:05:18
Internet Explorer daxctle.ocx "KeyFrame()" Method Vulnerability Secunia Advisory: SA21910 Release Date: 2006-09-14 Last Update: 2006-09-15 Critical: Extremely critical Impact: System access Where: From remote Solution Status: Unpatched Software: Microsoft Internet Explorer 6.x CVE reference: CVE-2006-4777 (Secunia mirror) Description: nop has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a memory corruption error in the Microsoft Multimedia Controls ActiveX control (daxctle.ocx) in the "CPathCtl::KeyFrame()" function. This can be exploited by e.g. tricking a user into viewing a malicious HTML document passing specially crafted arguments to the ActiveX control's "KeyFrame()" method. Successful exploitation allows execution of arbitrary code. NOTE: A somewhat working exploit is publicly available for partially patched versions of Windows 2000. However, Secunia has successfully created a fully working exploit for Windows XP SP2 (fully patched). It is also possible to crash the browser via the "Spline()" method. Solution: Only allow trusted websites to run ActiveX controls. Provided and/or discovered by: nop Changelog: 2006-09-15: Added Microsoft, US-CERT, and CVE references. Original Advisory: http://www.xsec.org/index.php?mod ule=releases&act=view&type=2&id=20 Microsoft: http://www.microsoft.com/technet/security/advisory /925444.mspx Other References: US-CERT VU#377369: http://www.kb.c ert.org/vuls/id/377369 Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others. ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/r ules.htm Contact list owner <owner-pcworksimagicomm.com> Unsubscribing and other changes: http://pcworkers.com =====================================================

[1]

about | contact Other archives ( Real Estate discussion Medical topics )