Another IE ActiveX Vulnerability Discovered

Wiz Feinberg · From: Mid-Michigan, USA

CERT Vulnerability Note VU#377369
Secunia Advisory SA21910
Microsoft Security Advisory (925444)

Vulnerability in the Microsoft DirectAnimation Path ActiveX Control Could Allow Remote Code Execution

A.K.A: Internet Explorer daxctle.ocx "KeyFrame()" Method Vulnerability

Microsoft DirectAnimation Path ActiveX control fails to validate input

Overview
The Microsoft DirectAnimation Path ActiveX control fails to properly validate input. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

I. Description
The Microsoft DirectAnimation Path object is an ActiveX control that is used to move objects around the page. This ActiveX control fails to validate input to several of its methods, which can cause Internet Explorer or another host application to crash in an exploitable manner.

II. Impact
By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with the privileges of the user. The attacker could also cause Internet Explorer (or the program using the WebBrowser control) to crash.

III. Solution
Disable the DirectAnimation Path ActiveX control

The DirectAnimation Path control can be disabled by setting the kill bit for the following CLSID:

{D7A7D7C3-D47F-11d0-89D3-00A0C90833E6}

More information about how to set the kill bit is available in Microsoft Support Document 240797.

Disable ActiveX

Disabling ActiveX controls in the Internet Zone (or any zone used by an attacker) appears to prevent exploitation of this vulnerability. See the details in the Microsoft Security Advisory, in the Suggested Actions > Workarounds section.

Stay tuned for more details as they become available.

------------------
Bob "Wiz" Feinberg
Moderator of the SGF Computers Forum
Visit my Wiztunes Steel Guitar website at: http://www.wiztunes.com/
or my computer troubleshooting website: Wizcrafts Computer Services,
or my Webmaster Services webpage. Get Firefox Here.
Learn about current computer virus and security threats here.
Read Wiz's Blog for security news and update notices. My FAQs.

[This message was edited by Wiz Feinberg on 26 September 2006 at 01:50 PM.]

Jack Stoner · From: Kansas City, MO

Apparetnly those of us on I.E.7Beta are not affected.

Here is a link to a test site for the vulnerability http://www.isotf.org/zert/testvml.htm

And another site about it. http://www.grc.com/sn/notes-058.htm

Wiz Feinberg · From: Mid-Michigan, USA

Jack;
This is another brand new vulnerability, not related to the VML buffer overflow vulnerability. I am watching for more details.

Wiz

CrowBear Schmitt · From: Ariege, - PairO'knees, - France

Wiz,
Thanx a bunch for all that you have been doin'

Forum Index > Computers		Next oldest topic :: Next newest topic

All times are GMT - 8 Hours	Jump to: