IE keyframe() Method Vulnerability

imhotep

Internet Explorer daxctle.ocx "KeyFrame()" Method Vulnerability

Description:

"nop has discovered a vulnerability in Internet Explorer, which can be
exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a memory corruption error in the
Microsoft Multimedia Controls ActiveX control (daxctle.ocx) in
the "CPathCtl::KeyFrame()" function. This can be exploited by e.g. tricking
a user into viewing a malicious HTML document passing specially crafted
arguments to the ActiveX control's "KeyFrame()" method."

http://secunia.com/advisories/21910/

Imhotep
 
MowGreen [MVP]

Solution:
Set the kill bit for the vulnerable ActiveX control (see Microsoft advisory for details).
Only allow trusted websites to run ActiveX controls.

http://www.microsoft.com/technet/security/advisory/925444.mspx

We are also aware of proof of concept code published publicly and we are aware of
*limited attacks* that are attempting to use the reported vulnerability. Customers
would need to visit an attacker’s Web site to be at risk. We will continue to
investigate these public reports.


MowGreen [MVP 2003-2007]
===============
*-343-* FDNY
Never Forgotten
===============
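
Added example, not part of either post above and not code from Microsoft or Secunia: one way to confirm that the kill bit named in the Solution is actually in place is to audit a `reg export` of the "ActiveX Compatibility" key and test the 0x400 bit of "Compatibility Flags". It also checks the Wow6432Node view, which goes beyond what the thread mentions. The CLSID and the registry text are constructed placeholders; take the real CLSID from the Microsoft advisory.

```python
import re

KILL_BIT = 0x400  # bit in "Compatibility Flags" that stops IE from instantiating the control
COMPAT_KEY = r"Internet Explorer\ActiveX Compatibility"
KEY_RE = re.compile(re.escape(COMPAT_KEY) + r"\\(\{[0-9A-Fa-f-]{36}\})$", re.I)
VALUE_RE = re.compile(r'"Compatibility Flags"=dword:([0-9A-Fa-f]{8})$')

# Constructed placeholder, NOT the real CLSID of daxctle.ocx.
PLACEHOLDER_CLSID = "{00000000-0000-0000-0000-0000000000AA}"

# Constructed sample of `reg export` output: kill bit set in the native view only.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-0000000000AA}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-0000000000AA}]
"Compatibility Flags"=dword:00000020
"""

def parse_compat_flags(reg_text):
    """Map (CLSID, is_wow6432_view) -> Compatibility Flags value."""
    flags, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            m = KEY_RE.search(key)
            current = (m.group(1).upper(), "wow6432node" in key.lower()) if m else None
            if current:
                flags.setdefault(current, 0)  # key present but value absent = no kill bit
        elif current:
            m = VALUE_RE.match(line)
            if m:
                flags[current] = int(m.group(1), 16)
    return flags

def kill_bit_status(reg_text, clsid):
    """Report 'set', 'not set' or 'missing' for each registry view."""
    flags = parse_compat_flags(reg_text)
    status = {}
    for wow64 in (False, True):
        value = flags.get((clsid.upper(), wow64))
        view = "wow6432" if wow64 else "native"
        # Other flag bits may be set alongside the kill bit, so mask instead of comparing.
        status[view] = "missing" if value is None else ("set" if value & KILL_BIT else "not set")
    return status

if __name__ == "__main__":
    print(kill_bit_status(SAMPLE_REG, PLACEHOLDER_CLSID))
```

A result of "not set" or "missing" in either view means a browser process using that view can still load the control.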
 
