IE keyframe() Meathod Vulnerability

[imhotep]

Internet Explorer daxctle.ocx "KeyFrame()" Method Vulnerability

Description:

"nop has discovered a vulnerability in Internet Explorer, which can be
exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a memory corruption error in the
Microsoft Multimedia Controls ActiveX control (daxctle.ocx) in
the "CPathCtl::KeyFrame()" function. This can be exploited by e.g. tricking
a user into viewing a malicious HTML document passing specially crafted
arguments to the ActiveX control's "KeyFrame()" method."

http://secunia.com/advisories/21910/

Imhotep

 

[MowGreen [MVP]]

Solution:

Set the kill bit for the vulnerable ActiveX control (see Microsoft advisory for details).
Only allow trusted websites to run ActiveX controls.

http://www.microsoft.com/technet/security/advisory/925444.mspx

We are also aware of proof of concept code published publicly and we are aware of
*limited attacks* that are attempting to use the reported vulnerability. Customers
would need to visit an attacker’s Web site to be at risk. We will continue to
investigate these public reports.

MowGreen [MVP 2003-2007]
===============
*-343-* FDNY
Never Forgotten
===============