Internet Explorer daxctle.ocx "KeyFrame()" Method Vulnerability
Secunia Advisory: SA21910
Release Date: 2006-09-14
Last Update: 2006-09-15
Critical:
Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Microsoft Internet Explorer 6.x
CVE reference: CVE-2006-4777 (Secunia mirror)
Description:
nop has discovered a vulnerability in Internet Explorer, which can be
exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a memory corruption error in the
Microsoft Multimedia Controls ActiveX control (daxctle.ocx) in the
"CPathCtl::KeyFrame()" function. This can be exploited by e.g. tricking
a user into viewing a malicious HTML document passing specially crafted
arguments to the ActiveX control's "KeyFrame()" method.
Successful exploitation allows execution of arbitrary code.
NOTE: A somewhat working exploit is publicly available for partially
patched versions of Windows 2000. However, Secunia has successfully
created a fully working exploit for Windows XP SP2 (fully patched).
It is also possible to crash the browser via the "Spline()" method.
Solution:
Only allow trusted websites to run ActiveX controls.
Provided and/or discovered by:
nop
Changelog:
2006-09-15: Added Microsoft, US-CERT, and CVE references.
Original Advisory:
http://www.xsec.org/index.php?module=releases&act=view&type=2&id=20
Microsoft:
http://www.microsoft.com/technet/security/advisory/925444.mspx
Other References:
US-CERT VU#377369:
http://www.kb.cert.org/vuls/id/377369
Please note: The information that this Secunia Advisory is based on
comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports
issued by security research groups, vendors, and others.
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/rules.htm
Contact list owner <[EMAIL PROTECTED]>
Unsubscribing and other changes: http://pcworkers.com
=====================================================
