Another IE ActiveX Vulnerability Discovered

The machines we love to hate

Moderator: Wiz Feinberg

User avatar
Wiz Feinberg
Posts: 6113
Joined: 8 Jan 1999 1:01 am
Location: Mid-Michigan, USA

Another IE ActiveX Vulnerability Discovered

Post by Wiz Feinberg »

CERT Vulnerability Note VU#377369
Secunia Advisory SA21910
Microsoft Security Advisory (925444)

Vulnerability in the Microsoft DirectAnimation Path ActiveX Control Could Allow Remote Code Execution

A.K.A: Internet Explorer daxctle.ocx "KeyFrame()" Method Vulnerability

Microsoft DirectAnimation Path ActiveX control fails to validate input

Overview
The Microsoft DirectAnimation Path ActiveX control fails to properly validate input. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

I. Description
The Microsoft DirectAnimation Path object is an ActiveX control that is used to move objects around the page. This ActiveX control fails to validate input to several of its methods, which can cause Internet Explorer or another host application to crash in an exploitable manner.

II. Impact
By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with the privileges of the user. The attacker could also cause Internet Explorer (or the program using the WebBrowser control) to crash.

III. Solution
Disable the DirectAnimation Path ActiveX control

The DirectAnimation Path control can be disabled by setting the kill bit for the following CLSID:

{D7A7D7C3-D47F-11d0-89D3-00A0C90833E6}

More information about how to set the kill bit is available in Microsoft Support Document 240797.

Disable ActiveX

Disabling ActiveX controls in the Internet Zone (or any zone used by an attacker) appears to prevent exploitation of this vulnerability. See the details in the Microsoft Security Advisory, in the Suggested Actions > Workarounds section.
<hr>
Stay tuned for more details as they become available.

------------------
Bob "Wiz" Feinberg
Moderator of the SGF Computers Forum
<small>Visit my Wiztunes Steel Guitar website at: http://www.wiztunes.com/
or my computer troubleshooting website: Wizcrafts Computer Services,
or my Webmaster Services webpage. Get Firefox Here.
Learn about current computer virus and security threats here.
Read Wiz's Blog for security news and update notices. My FAQs.</small><font size="1" color="#8e236b"><p align="center">[This message was edited by Wiz Feinberg on 26 September 2006 at 01:50 PM.]</p></FONT>
Top
User avatar
Jack Stoner
Posts: 22147
Joined: 3 Dec 1999 1:01 am
Location: Kansas City, MO

Post by Jack Stoner »

Apparetnly those of us on I.E.7Beta are not affected.

Here is a link to a test site for the vulnerability http://www.isotf.org/zert/testvml.htm

And another site about it. http://www.grc.com/sn/notes-058.htm
Top
User avatar
Wiz Feinberg
Posts: 6113
Joined: 8 Jan 1999 1:01 am
Location: Mid-Michigan, USA

Post by Wiz Feinberg »

Jack;
This is another brand new vulnerability, not related to the VML buffer overflow vulnerability. I am watching for more details.

Wiz
Top
User avatar
CrowBear Schmitt
Posts: 11624
Joined: 8 Apr 2000 12:01 am
Location: Ariege, - PairO'knees, - France

Post by CrowBear Schmitt »

Wiz,
Thanx a bunch for all that you have been doin' Image
Top

Return to “Computers”