|
| |
|
Security Intelligence Operations
| Microsoft Internet Explorer pdwizard.ocx ActiveX Control Memory Corruption Vulnerability |
| |
| Vulnerability Alert | Powered by  |
|
|
| Threat Type: | Unintended Weakness: Arbitrary Code Execution |
|
| IntelliShield ID: | 13942 |
| Version: | 2 |
| First Published: | August 14, 2007 03:30 PM EDT |
| Last Published: | August 23, 2007 06:42 AM EDT |
| Vector: | Network |
| Authentication: | None |
| Exploit: | Unproven |
| Port: |
Not Available
|
| CVE: | CVE-2007-3041 |
| BugTraq ID: | 25295 |
| |
| Urgency: |
Unlikely Use
|  |
| Credibility: |
Confirmed
|  |
| Severity: |
Moderate Damage
|  |
| CVSS Base: | 9.3 |
CVSS Calculator
CVSS Version 2
|
| CVSS Temporal: | 6.9 |
|
|
| |
| Version Summary: | Avaya has released a security advisory to address the Microsoft Internet Explorer pdwizard.ocx ActiveX control memory corruption vulnerability. |
| |
| |
| Description |
|
Microsoft Internet Explorer versions 5.01 SP4 and prior, 6.0 SP2 and prior, and 7.0 contain a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code or cause the browser to terminate.
This vulnerability exists due to improper IObjectSafety properties on affected ActiveX controls. An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to visit a malicious website that is designed to use the affected ActiveX control. If successful, this ActiveX control may trigger a corruption of system memory, which could allow the attacker to execute arbitrary code with the privileges of the user.
Microsoft confirmed this vulnerability in a security bulletin and released software updates. |
| |
| Warning Indicators |
|
Microsoft Internet Explorer versions 5.01 SP4 and prior, 6.0 SP2 and prior, and 7.0 are vulnerable on the following operating systems:
-
Microsoft Windows 2000 SP4 and prior
-
Microsoft Windows XP SP2 and prior
-
Microsoft Windows XP Professional x64 Edition SP2 and prior
-
Microsoft Windows Server 2003 SP2 and prior
-
Microsoft Windows Server 2003 for Itanium-based Systems SP2 and prior
-
Microsoft Windows Server 2003 x64 Edition SP2 and prior
-
Microsoft Windows Vista
-
Microsoft Windows Vista x64 |
| |
| IntelliShield Analysis |
|
The systems most at risk to exploits of this vulnerability are development systems that contain Microsoft Visual Basic or Visual Studio. Attackers must rely on user interaction to exploit this vulnerability. If an exploit is successful, the attacker could execute arbitrary code with the privileges of the user who launched Internet Explorer. On systems that grant users Administrator privileges, the attacker could take complete control over an affected system.
The update available from Microsoft corrects this vulnerability by preventing the vulnerable ActiveX control from running within Internet Explorer. |
| |
 Vendor Announcements |
|
Microsoft has released a security bulletin at the following link: MS07-045
Avaya has released a security advisory at the following link: ASA-2007-364 |
|
| |
| Impact |
|
An unauthenticated, remote attacker could exploit this vulnerability to execute arbitrary code with the privileges of the user or cause Internet Explorer to terminate. The target user's privileges determine the level of system compromise. If an affected system grants the user Administrator privileges, an attacker could take complete control of the system. |
| |
| Technical Information |
|
This vulnerability exists due to improper IObjectSafety properties on affected ActiveX controls. The pdwizard.ocx ActiveX control exists as part of Microsoft Visual Basic. When this control is instantiated within Internet Explorer, system memory corruption may occur. This corruption could allow an attacker to cause Internet Explorer to terminate or allow for arbitrary code execution with the privileges of the user who launched the affected application. |
| |
| Safeguards |
|
Administrators are advised to apply the appropriate updates.
Users are advised not to open e-mail from untrusted sources.
Users are advised to run applications with the lowest necessary privileges.
Users are advised not to follow unsolicited links. Users should verify the authenticity of an unexpected link from a trusted source prior to following it.
Administrators may consider disabling ActiveX.
Administrators may consider disabling the pdwizard.ocx ActiveX control by enabling its kill bit in the Windows Registry via the following entry:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility \{0DDF3B5C-E692-11D1-AB06-00AA00BDD685}] "Compatibility Flags"=3Ddword:00000400 |
| |
| Patches/Software |
|
Microsoft has released updated software at the following links:
|
|
| Signatures |
| |
|
|
| |
| Alert History |
| |
Version 1, August 14, 2007, 3:30 PM: Microsoft Internet Explorer contains a vulnerability that could allow an unauthenticated, remote attacker to cause the browser to terminate or execute arbitrary code. Updates are available. |
|
Product Sets |
| |
The security vulnerability applies to the following combinations of products.
|
|
LEGAL DISCLAIMER
The urgency and severity ratings of this alert are not tailored to individual users; users may value alerts differently based upon their network configurations and circumstances. THE ALERT, AND INFORMATION CONTAINED THEREIN, ARE PROVIDED ON AN "AS IS" BASIS AND DO NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE ALERT, AND INFORMATION CONTAINED THEREIN, OR MATERIALS LINKED FROM THE ALERT, IS AT YOUR OWN RISK. INFORMATION IN THIS ALERT AND ANY RELATED COMMUNICATIONS IS BASED ON OUR KNOWLEDGE AT THE TIME OF PUBLICATION AND IS SUBJECT TO CHANGE WITHOUT NOTICE. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME. |
|
|
| |
