Forum Index
Home Forum Radio Memberlist Help Search Quick Links

It appears you have not yet registered with our community which limits what you can do & see. It's Free To register, please click here.



Forum Index » Internet » Security Alerts and vulnerabilities » ActiveX File Overwrite/Delete Vulnerabilities
Register Calendar Gallery Mark Forums Read

Security Alerts and vulnerabilities Lets keep abreast on the latest threats by posting those findings here..

Reply
 
Thread Tools Display Modes
  #1  
Old 10-27-2007, 05:12 AM
Symantec's Avatar
Symantec Symantec is offline
Senior Member
  
Join Date: Oct 2006
Posts: 295
ActiveX File Overwrite/Delete Vulnerabilities
ActiveX File Overwrite/Delete Vulnerabilities
<p>These days a new type of vulnerability is becoming more popular. It is an arbitrary file overwrite/delete vulnerability that can be exploited by attackers to overwrite or delete arbitrary files on an affected computer. These vulnerabilities exist particularly because of a registered ActiveX control failing to restrict which domains may load the control for execution. An attack exploiting this vuln can lead to arbitrary code execution by a remote attacker.</p>

<p>Successful exploitation of this vulnerability allows attackers to create or append to arbitrary files. An attacker can write to a startup folder to execute arbitrary code during the next reboot or logon session. A user will not be required to authorize the object instantiation since the object is within a signed ActiveX control. A typical exploitation scenario would require an attacker to convince a targeted user to visit a malicious Web site.</p>

<p>We have come across approximately 40 issues involving this type of vuln since May 2007 and still these types of vulnerabilities are growing, which hints at a new class of vulnerabilities in the making. Some of the more popular products affected with these vulnerabilities include VMware, Microsoft Visual Studio, NCTSoft, and HP Photo Digital Imaging. These vulnerabilities are easy to exploit, simply by creating your own batch file or malicious .exe file and saving it in a vulnerable computer’s root or system directory.</p>

<p>By default, Internet Explorer blocks ActiveX controls, so end users should not allow the loading of un-trusted ActiveX controls. Also, Symantec provides protection for the above mentioned type of vulnerabilities.</p>

<p><a href="http://www.symantec.com/enterprise/security_response/weblog/upload/2007/10/PV_actvx_lrg.html" onclick="window.open('http://www.symantec.com/enterprise/security_response/weblog/upload/2007/10/PV_actvx_lrg.html','popup','width=1024,height=768, scrollbars=no,resizable=no,toolbar=no,directories= no,location=no,menubar=no,status=no,left=0,top=0') ; return false"><img src="http://www.symantec.com/enterprise/security_response/weblog/upload/2007/10/PV_actvx_sml.jpeg" width="370" height="278" /></a></p>
http://www.symantec.com/enterprise/security_response/weblog/2007/10/activex_file_overwritedelete_v.html
http://www.symantec.com/enterprise/security_response/weblog/2007/10/activex_file_overwritedelete_v.html
Tue, 23 Oct 2007 05:00:00 -0800
Reply With Quote
Posted


Reply

  • Submit Thread to Digg Digg
  • Submit Thread to del.icio.us del.icio.us
  • Submit Thread to StumbleUpon StumbleUpon
  • Submit Thread to Google Google
    • Bookmarks

    « Previous Thread | Next Thread »
    Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
     
    Thread Tools
    Display Modes
    Linear Mode Linear Mode

    Posting Rules
    You may not post new threads
    You may not post replies
    You may not post attachments
    You may not edit your posts
    BB code is On
    Smilies are On
    [IMG] code is On
    HTML code is Off
    Forum Jump



    All times are GMT -5. The time now is 08:41 AM.

    Contact Us - CyberAnswers - Archive - Privacy Statement - Top

    Firefox 2