Thread-topic: [SA26779] Microsoft Visual Studio Two ActiveX Controls Insecure Methods
>
> TITLE:
> Microsoft Visual Studio Two ActiveX Controls Insecure Methods
>
> SECUNIA ADVISORY ID:
> SA26779
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/26779/
>
> CRITICAL:
> Highly critical
>
> IMPACT:
> Manipulation of data, System access
>
> WHERE:
> From remote
>
> SOFTWARE:
> Microsoft Visual Studio 6 Professional
> http://secunia.com/product/409/
> Microsoft Visual Studio 6 Enterprise
> http://secunia.com/product/408/
>
> DESCRIPTION:
> shinnai has reported some vulnerabilities in Microsoft Visual Studio,
> which can be exploited by malicious people to overwrite arbitrary
> files or potentially compromise a vulnerable system.
>
> 1) The "StartProcess()" and "SyncShell()" methods of the PDWizard.ocx
> ActiveX control can be exploited to execute arbitrary commands on the
> system. Other insecure methods have also been reported e.g.
> "SaveAs()", "CABDefaultURL()", "CABFileName()", and "CABRunFile()".
>
> 2) The "Load()" and "SaveAs()" methods of the VBTOVSI.DLL ActiveX
> control can be exploited to e.g. load a local file and save it in an
> arbitrary location or overwrite an arbitrary file.
>
> The vulnerabilities are reported in version 6.0. Other versions may
> also be affected.
>
> SOLUTION:
> Set the kill-bit for the ActiveX controls.
>
> PROVIDED AND/OR DISCOVERED BY:
> shinnai
>
> ORIGINAL ADVISORY:
> http://shinnai.altervista.org/exploits/txt/TXT_AZJ5bXwXvMARqwtfe97I.html
> http://shinnai.altervista.org/exploits/txt/TXT_qwFZc3a35RLy5AGxVBjJ.html
>
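
One way to apply the advisory's solution ("Set the kill-bit for the ActiveX controls"), as an added example that is not part of the Secunia advisory or of any Microsoft tooling. The advisory gives no CLSIDs, so the script looks them up from the two file names it does give; it assumes the controls are registered as in-process servers under HKLM and that it runs from an elevated prompt. The script name and the `$ControlFiles` parameter are hypothetical.

```powershell
# Set-KillBit.ps1 (added example; run elevated, use -WhatIf to preview).
# Finds every COM class whose InprocServer32 points at one of the control
# files named in the advisory and sets the kill-bit (Compatibility Flags
# bit 0x400) so Internet Explorer refuses to instantiate it.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string[]]$ControlFiles = @('PDWizard.ocx', 'VBTOVSI.DLL')
)

$KillBit = 0x400
# Native view plus the 32-bit view on 64-bit Windows (Visual Studio 6 is 32-bit).
$views = @(
    @{ Classes = 'HKLM:\SOFTWARE\Classes\CLSID'
       Compat  = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility' },
    @{ Classes = 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID'
       Compat  = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility' }
)

foreach ($view in $views) {
    if (-not (Test-Path $view.Classes)) { continue }
    foreach ($clsidKey in Get-ChildItem $view.Classes -ErrorAction SilentlyContinue) {
        $server = Join-Path $clsidKey.PSPath 'InprocServer32'
        if (-not (Test-Path -LiteralPath $server)) { continue }

        # Default value of InprocServer32 is the path of the control binary.
        $path = [string](Get-Item -LiteralPath $server).GetValue('')
        if (-not $path) { continue }
        $leaf = Split-Path ($path.Trim('"')) -Leaf
        if ($ControlFiles -notcontains $leaf) { continue }   # case-insensitive match

        $clsid  = $clsidKey.PSChildName
        $target = Join-Path $view.Compat $clsid
        if ($PSCmdlet.ShouldProcess($target, "Set kill-bit for $leaf")) {
            if (-not (Test-Path -LiteralPath $target)) {
                New-Item -Path $target -Force | Out-Null
            }
            # Preserve any flags already present and OR in the kill-bit.
            $current = [int](Get-Item -LiteralPath $target).GetValue('Compatibility Flags', 0)
            Set-ItemProperty -LiteralPath $target -Name 'Compatibility Flags' `
                -Value ($current -bor $KillBit) -Type DWord
        }
        # Report each matched control so the change can be audited.
        [pscustomobject]@{ File = $leaf; CLSID = $clsid; Key = $target }
    }
}
```

An empty result means neither control is registered on the machine under the searched views.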