Monday, September 17, 2007 12:14 PM
cmosby
Microsoft Visual Studio Two ActiveX Controls Insecure Methods - Advisories - Secunia
Microsoft Visual Studio Two ActiveX Controls Insecure Methods
Secunia Advisory:
SA26779
Release Date:
2007-09-14
Last Update:
2007-09-17
Critical:
Highly critical
Impact:
Manipulation of data
System access
Where:
From remote
Solution Status:
Unpatched
Software:
Microsoft Visual Studio 6 Enterprise
Microsoft Visual Studio 6 Professional
CVE reference:
CVE-2007-4890 (Secunia mirror)
CVE-2007-4891 (Secunia mirror)
Description:
shinnai has reported some vulnerabilities in Microsoft Visual Studio, which can be exploited by malicious people to overwrite arbitrary files or potentially compromise a vulnerable system.
1) The "StartProcess()" and "SyncShell()" methods of the PDWizard.ocx ActiveX control can be exploited to execute arbitrary commands on the system. Other insecure methods have also been reported e.g. "SaveAs()", "CABDefaultURL()", "CABFileName()", and "CABRunFile()".
2) The "Load()" and "SaveAs()" methods of the VBTOVSI.DLL ActiveX control can be exploited to e.g. load a local file and save it in an arbitrary location or overwrite an arbitrary file.
The vulnerabilities are reported in version 6.0. Other versions may also be affected.
Solution:
Set the kill-bit for the ActiveX controls.
Provided and/or discovered by:
shinnai
Changelog:
2007-09-17: Added CVE reference.
Original Advisory:
http://shinnai.altervista.org/exploits/txt/TXT_AZJ5bXwXvMARqwtfe97I.html
http://shinnai.altervista.org/exploits/txt/TXT_qwFZc3a35RLy5AGxVBjJ.html
Source: Microsoft Visual Studio Two ActiveX Controls Insecure Methods - Advisories - Secunia
Filed under: Patch Management, Microsoft Windows, Internet Applications, Security