__/ [ Mark Kent ] on Friday 15 September 2006 16:24 \__
> begin oe_protect.scr
> Peter Köhlmann <peter.koehlmann@xxxxxxxxxxx> espoused:
>> http://www.kb.cert.org/vuls/id/377369
>>
>> From that site:
>>
>> Vulnerability Note VU#377369
>> Microsoft DirectAnimation Path ActiveX control fails to validate input
>>
>> Overview
>> The Microsoft DirectAnimation Path ActiveX control fails to properly
>> validate input. This may allow a remote, unauthenticated attacker to
>> execute arbitrary code on a vulnerable system.
>>
>> I. Description
>> The Microsoft DirectAnimation Path object is an ActiveX control that is
>> used to move objects around the page. This ActiveX control fails to
>> validate input to several of its methods, which can cause Internet
>> Explorer or another host application to crash in an exploitable manner.
>>
>> II. Impact
>> By convincing a user to view a specially crafted HTML document (e.g., a
>> web page or an HTML email message or attachment), an attacker may be able
>> to execute arbitrary code with the privileges of the user. The attacker
>> could also cause Internet Explorer (or the program using the WebBrowser
>> control) to crash.
>>
>>
>>
>> Well, well
>> According to our resident widiots, this does not happen
>> They are *safe* and their systems are *secure* and never ever have been
>> compromised in any which way
>
> Almost deserves to be a [News] item, that... :-)

But, Mark, it's nothing new. *smile* It has been going on since Windows had
gone online. Remember nuking and anti-nuking in Windows 95 (BSoD any IP)? I
sure do.

Best wishes,

Roy

--
Roy S. Schestowitz | (S)oftware (U)nd (S)ystem(E)ntwicklung
http://Schestowitz.com | GNU/Linux | PGP-Key: 0x74572E8E
Swap: 1036184k total, 320036k used, 716148k free, 56296k cached
http://iuron.com - next generation of search paradigms