ActiveX control

Cisco Security Advisory: Cisco ASA 5500 Series Adaptive Security Appliance Clientless VPN ActiveX Control Remote Code Execution Vulnerability

Cisco Security Advisory: Cisco ASA 5500 Series Adaptive Security
Appliance Clientless VPN ActiveX Control Remote Code Execution
Vulnerability

Advisory ID: cisco-sa-20120314-asaclient

Revision 1.0

CA20100608-01: Security Notice for CA PSFormX and WebScan ActiveX Controls

CA20100608-01: Security Notice for CA PSFormX and WebScan ActiveX
Controls

Issued: June 8, 2010

CA Technologies support is alerting users to multiple security risks
with the PSFormX and WebScan ActiveX controls previously available
from the CA Global Security Advisor site. Multiple vulnerabilities

Cisco Security Advisory: Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client

process of downloading the Cisco AnyConnect Secure Mobility Client
begins. This action causes the browser to first download a "helper"
application that aids in downloading and executing the actual Cisco
AnyConnect Secure Mobility Client. The helper application is a Java
applet on the Linux and MacOS X platforms, and either a Java applet
on the Windows platform or an ActiveX control if the browser is
capable of utilizing ActiveX controls. The downloaded helper
application is executed in the context of the originating site in the
user's web browser. The helper application then downloads the Cisco
AnyConnect Secure Mobility Client from the VPN headend and executes
it.

CORE-2009-0814: HP Openview NNM 7.53 Invalid DB Error Code vulnerability

8.2. *Additional information: Low severity bugs in ActiveDom.ocx ActiveX*

The ActiveX control 'ActiveDom.ocx' is shipped with HP Openview NNM 7.53
and installed by default. The control is prone to multiple memory
corruption bugs due to erroneous handling of overly long strings passed
to multiple methods. These bugs are considered of low severity because

Secunia Research: Novell iPrint Client ActiveX Control Multiple Buffer Overflows

====================================================================== 

                     Secunia Research 25/08/2008

  - Novell iPrint Client ActiveX Control Multiple Buffer Overflows -

====================================================================== 
Table of Contents

Affected Software

Akamai Download Manager arbitrary file download & execution

Abstract
------------------------------------------------------------------------
Akamai's Download Manager allows attackers to download arbitrary
files onto a user's desktop. Using a so-called "blended
threat" attack it is possible to execute arbitrary code. This
attack affects the ActiveX control as well as the Java applet.

------------------------------------------------------------------------
Tested version
------------------------------------------------------------------------
This issue was tested on Akamai Download Manager version 2.2.4.8 using

HTB23015: Easewe FTP ActiveX Control Multiple Insecure Methods

Vulnerability ID: HTB23015
Reference: http://www.htbridge.ch/advisory/easewe_ftp_ocx_activex_control_execute_insecure_method.html
Product: Easewe FTP OCX ActiveX Control
Vendor: Easewe Software ( http://www.ftpocx.com ) 
Vulnerable Version: 4.5.0.9 and probably prior
Tested on: 4.5.0.9
Vendor Notification: 01 June 2011 
Vulnerability Type: ActiveX Control Insecure Method
Risk level: High 
Credit: High-Tech Bridge SA Security Research Lab ( http://www.htbridge.ch/advisory/ ) 

Re: Windows Update (re-)installs outdated Flash ActiveX on Windows XP

>
>--Monday, April 20, 2009, 8:17:24 PM, you wrote to bugtraq@securityfocus.com:
>
>SK> Windows Update (as well as Microsoft Update and the Automatic Update)
>SK> installs an outdated (and from its manufacturer unsupported) Flash
>SK> Player ActiveX control on Windows XP.
>
>
>SK> Although this fact is nothing really new it but shows the lack of taking
>SK> care for security problems and in general the chutzpah of many software
>SK> "producers" to ship their "products" with outdated and often vulnerable

Windows Update (re-)installs outdated Flash ActiveX on Windows XP

Windows Update (as well as Microsoft Update and the Automatic Update)
installs an outdated (and from its manufacturer unsupported) Flash
Player ActiveX control on Windows XP.


Although this fact is nothing really new it but shows the lack of taking
care for security problems and in general the chutzpah of many software
"producers" to ship their "products" with outdated and often vulnerable
components.


Re: Windows Update (re-)installs outdated Flash ActiveX on Windows XP

--Monday, April 20, 2009, 8:17:24 PM, you wrote to bugtraq@securityfocus.com:

SK> Windows Update (as well as Microsoft Update and the Automatic Update)
SK> installs an outdated (and from its manufacturer unsupported) Flash
SK> Player ActiveX control on Windows XP.


SK> Although this fact is nothing really new it but shows the lack of taking
SK> care for security problems and in general the chutzpah of many software
SK> "producers" to ship their "products" with outdated and often vulnerable

RE: CORE-2007-0817: Remote Command execution, HTML and JavaScript injection vulnerabilities in AOL's Instant Messaging software

  provided by the attacker can be exploited directly using this attack
  vector.
- Direct injection of scripting code in Internet Explorer. For example,
  remotely injecting JavaScript code into the embedded IE control of the
  AIM client.
- Remote instantiation of Active X controls in the corresponding security
  zone.
- Cross-site request forgery and token/cookie manipulation using embedded
  HTML.

*Vulnerable packages*

CORE-2007-0817: Remote Command execution, HTML and JavaScript injection vulnerabilities in AOL's Instant Messaging software

  provided by the attacker can be exploited directly using this attack
  vector.
- Direct injection of scripting code in Internet Explorer. For example,
  remotely injecting JavaScript code into the embedded IE control of the
  AIM client.
- Remote instantiation of Active X controls in the corresponding security
  zone.
- Cross-site request forgery and token/cookie manipulation using embedded
  HTML.

*Vulnerable packages*

iDefense Security Advisory 10.10.07: Kaspersky Web Scanner ActiveX Format String Vulnerability

Kaspersky Web Scanner ActiveX Format String Vulnerability

iDefense Security Advisory 10.10.07
http://labs.idefense.com/intelligence/vulnerabilities/
Oct 10, 2007

I. BACKGROUND

Kaspersky Lab Online Virus Scanner is a free online virus scanner
service, enabling a user to scan their system for malicious code via

NSOADV-2010-008: AnNoText Third-Party ActiveX Control Buffer Overflow

______________________________________________________________________
-------------------------- NSOADV-2010-008 ---------------------------

        AnNoText Third-Party ActiveX Control Buffer Overflow
______________________________________________________________________
______________________________________________________________________


SEC Consult SA-20110810-0 :: Client-side remote file upload & command execution in Check Point SSL VPN On-Demand applications - CVE-2011-1827

SEC Consult Vulnerability Lab Security Advisory < 20110810-0 >
=======================================================================
              title: Client-side remote file upload & command execution
            product: Check Point SSL VPN On-Demand applications (signed
                     Java applet and ActiveX control)
                     * SSL Network Extender (SNX)
                     * SecureWorkSpace
                     * Endpoint Security On-Demand
                     supplied by Check Point Connectra or other security
                     gateways

HP notebooks remote code execution vulnerability (multiple series)

Software called "HP Info Center" has shipped with almost every HP laptop model for a few years.
It is designed to give the user quick system information and hardware configuration
at the touch of a single button.
One of its ActiveX controls, deployed by default by the vendor, has three insecure methods
that allow a malicious person to target HP notebook machines with remote code execution
and remote registry manipulation attacks.




CA Multiple Products DSM ListCtrl ActiveX Control Buffer Overflow Vulnerability

Title: CA Multiple Products DSM ListCtrl ActiveX Control Buffer 
Overflow Vulnerability

CVE: CVE-2008-1472

CA Advisory Date: 2008-03-28

Reported By: Exploit code posted at milw0rm.com


NSOADV-2010-003: DATEV ActiveX Control remote command execution

______________________________________________________________________

NSOADV-2010-003: DATEV ActiveX Control remote command execution
______________________________________________________________________
______________________________________________________________________


Secunia Research: SonicWALL SSL-VPN End-Point ActiveX Control Buffer Overflow

====================================================================== 

                     Secunia Research 29/10/2010

- SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX Control -
      - "Install3rdPartyComponent()" Method Buffer Overflow -

====================================================================== 
Table of Contents


CA DSM gui_cm_ctrls ActiveX Control Vulnerability

Title: CA DSM gui_cm_ctrls ActiveX Control Vulnerability


CA Advisory Date: 2008-04-15


Reported By: Greg Linares of eEye Digital Security


Cisco Security Advisory: Cisco Secure Desktop ActiveX Control Code Execution Vulnerability

Cisco Security Advisory: Cisco Secure Desktop ActiveX Control Code
Execution Vulnerability

Advisory ID: cisco-sa-20100414-csd

Revision 1.0


NSOADV-2010-009: AnNoText Third-Party ActiveX Control file overwrite vulnerability

______________________________________________________________________
-------------------------- NSOADV-2010-009 ---------------------------

  AnNoText Third-Party ActiveX Control file overwrite vulnerability
______________________________________________________________________
______________________________________________________________________


VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.

3. Problem Description

 I Security Issues

  a. Setting ActiveX killbit

      Starting from this release, VMware has set the killbit on its
      ActiveX controls. Setting the killbit ensures that ActiveX
      controls cannot run in Internet Explorer (IE), and avoids
      security issues involving ActiveX controls in IE. See the

NSOADV-2010-005: SonicWALL E-Class SSL-VPN ActiveX Control format string overflow

______________________________________________________________________

-------------------------- NSOADV-2010-005 ---------------------------

   SonicWALL E-Class SSL-VPN ActiveX Control format string overflow
______________________________________________________________________
______________________________________________________________________


iDefense Security Advisory 03.31.08: Macrovision InstallShield InstallScript One-Click Install Untrusted Library Loading Vulnerability

Macrovision InstallShield InstallScript One-Click Install (OCI) is a web
based installer technology that allows software publishers to distribute
minimal installer packages which allow end users to select components to
install. Upon first visiting such a website, the user is prompted to
install the ActiveX control. More information can be found on the
vendor's site at the following URL.

http://www.macrovision.com/products/installation/installshield.htm

II. DESCRIPTION

NSOADV-2009-001: Symantec ConsoleUtilities ActiveX Control Buffer Overflow

Security Advisory NSOADV-2009-001
_________________________________________
_________________________________________


  Title:                  Symantec ConsoleUtilities ActiveX Control
                          Buffer Overflow
  Severity:               Critical
  Advisory ID:            NSOADV-2009-001
  Found Date:             09.09.2009
  Date Reported:          15.09.2009

Secunia Research: DVR Remote ActiveX Control DVRobot Library Loading Vulnerability

====================================================================== 

                     Secunia Research 17/11/2011

 - DVR Remote ActiveX Control DVRobot Library Loading Vulnerability -

====================================================================== 
Table of Contents

Affected Software

Dell Webcam Software Bundled ActiveX Control CrazyTalk4Native.dll sprintf Remote Buffer Overflow Vulnerability

Dell Webcam Software Bundled ActiveX Control CrazyTalk4Native.dll 
sprintf Remote Buffer Overflow Vulnerability

Tested against: Microsoft Windows Vista SP2
                Microsoft Windows XP SP3
                Microsoft Windows 2003 R2 SP2
                Internet Explorer 7/8/9

download url of a test version: 
http://search.dell.com/results.aspx?c=us&l=en&s=gen&cat=sup&k=Dell+SX2210+monitor&rpp=12&p=1&subcat=dyd&rf=all&nk=f&sort=K&ira=False&~srd=False&ipsys=False&advsrch=False&~ck=anav

SEC Consult SA-20071101-0 :: Multiple Vulnerabilities in SonicWALL SSL-VPN Client

                         * Deletion of arbitrary files on the client
                         * Arbitrary code execution thru various buffer
                           overflows
                program: SonicWALL SSL-VPN
     vulnerable version: SonicWALL SSL-VPN 1.3.0.3
                         WebCacheCleaner ActiveX Control 1.3.0.3
                         NeLaunchCtrl ActiveX Control 2.1.0.49
               homepage: www.sonicwall.com
                  found: 04-23-2007
                     by: lofi42
             perm. link: http://www.sec-consult.com/303.html

Cisco Security Advisory: Vulnerability in Cisco WebEx Meeting Manager ActiveX Control

Cisco Security Advisory: Vulnerability in Cisco WebEx Meeting Manager
                         ActiveX Control

Advisory ID: cisco-sa-20080814-webex

Revision 1.0


Copyright © 1995-2012 LinuxRocket.net. All rights reserved.