
SANS ISC: InfoSec Handlers Diary Blog


Six ActiveX Vulnerabilities This Week

Published: 2008-02-04
Last Updated: 2008-02-05 19:52:38 UTC
by Mari Nichols (Version: 3)

Symantec is reporting that a total of six buffer-overflow vulnerabilities affecting a number of widely distributed ActiveX controls have been disclosed in the past week. We are unaware of any public exploitation of these vulnerabilities. However, the Symantec DeepSight team has confirmed that these issues can be used to execute code or crash the vulnerable applications.

Admins are advised to set the kill bit for the following CLSIDs as soon as possible:

Aurigma: CLSID 6E5E167B-1566-4316-B27F-0DDAB3484CF7 ('ImageUploader4.ocx')

Aurigma: CLSID BA162249-F2C5-4851-8ADC-FC58CB424243 ('ImageUploader5')

Facebook: CLSID 5C6698D9-7BE4-4122-8EC5-291D84DBD4A0

Yahoo! MediaGrid: CLSID 22FD7C0A-850C-4A53-9821-0B0915C96139

Yahoo! DataGrid: CLSID 5F810AFC-BB5F-4416-BE63-E01DD117BD6C.

UPDATE: The early reporting on this issue listed an incorrect CLSID for the Yahoo! DataGrid.  This has been corrected above.  Most other reports list an additional "2" at the end of the CLSID.
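One way to apply the kill bits listed above, as an added example that is not part of the original diary: it assumes the standard Internet Explorer "ActiveX Compatibility" registry location and the 0x400 kill-bit flag, neither of which is stated on this page, and must be run from an elevated PowerShell prompt. Each CLSID is parsed as a GUID first, so a value copied with an extra trailing digit is skipped rather than written as a key that has no effect.

```powershell
# Added example (not from the diary): set the IE kill bit for the listed CLSIDs.
# Assumption: kill bit = 0x400 in the 'Compatibility Flags' DWORD under
# '...\Internet Explorer\ActiveX Compatibility\{CLSID}'.
$KillBit = 0x00000400
$Clsids = [ordered]@{
    'Aurigma ImageUploader4.ocx' = '6E5E167B-1566-4316-B27F-0DDAB3484CF7'
    'Aurigma ImageUploader5'     = 'BA162249-F2C5-4851-8ADC-FC58CB424243'
    'Facebook'                   = '5C6698D9-7BE4-4122-8EC5-291D84DBD4A0'
    'Yahoo! MediaGrid'           = '22FD7C0A-850C-4A53-9821-0B0915C96139'
    'Yahoo! DataGrid'            = '5F810AFC-BB5F-4416-BE63-E01DD117BD6C'
}

# Native registry view, plus the 32-bit view used by 32-bit IE on 64-bit Windows.
$Roots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
if (Test-Path 'HKLM:\SOFTWARE\Wow6432Node') {
    $Roots += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

foreach ($entry in $Clsids.GetEnumerator()) {
    $guid = [guid]::Empty
    # A malformed CLSID (for example one extra character) fails to parse here.
    if (-not [guid]::TryParse($entry.Value, [ref]$guid)) {
        Write-Warning "Skipping $($entry.Key): '$($entry.Value)' is not a valid CLSID"
        continue
    }
    $name = $guid.ToString('B').ToUpper()   # braced form: {XXXXXXXX-XXXX-...}

    foreach ($root in $Roots) {
        $key = Join-Path $root $name
        if (-not (Test-Path $key)) {
            New-Item -Path $key -Force | Out-Null
        }
        # Preserve any flags already present and OR in the kill bit.
        $current = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
                        -ErrorAction SilentlyContinue).'Compatibility Flags'
        $new = [int]$current -bor $KillBit
        New-ItemProperty -Path $key -Name 'Compatibility Flags' `
            -PropertyType DWord -Value $new -Force | Out-Null

        # Read the value back so the change is confirmed, not assumed.
        $check = (Get-ItemProperty -Path $key).'Compatibility Flags'
        '{0}: {1} Compatibility Flags = 0x{2:X8}' -f $entry.Key, $key, $check
    }
}
```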

Security awareness updates should be issued warning users about ActiveX controls and promoting safe browsing.

Read the original article for more information.

Fair Winds, Mari Nichols


UPDATE:  Exceptions

"...Note that the MySpace ImageUploader library has not been reported to be affected by these new vulnerabilities*... Set the kill bit for the following CLSIDs as soon as possible... Facebook: CLSID 5C6698D9-7BE4-4122-8EC5-291D84DBD4A0 **..."

* Exception:

** Exception:

