Severity: 2/4

Consequences: user access/rights

Provenance: document

Means of attack: 1 attack

Ability of attacker: technician (2/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Number of vulnerabilities in this bulletin: 4

Creation date: 10/06/2009

Revision date: 17/06/2009

IMPACTED PRODUCTS

 Microsoft Internet Explorer

DESCRIPTION OF THE VULNERABILITY

Several ActiveX can be used by a remote attacker to generate a denial of service or to execute code.

An attacker can use a vulnerability of the MSCOMM32.OCX ATL Loader ActiveX in order to execute code on victim’s computer. [grav:2/4; 969898, BID-35218, CVE-2008-0024]

An attacker can use a vulnerability of the Derivco Microgaming FlashXControl ActiveX in order to execute code on victim’s computer. [grav:2/4; 969898, BID-35247]

An attacker can use a vulnerability of the eBay Enhanced Picture Services ActiveX in order to execute code on victim’s computer. [grav:2/4; 969898, BID-35248, CVE-2008-2475, VU#983731]

An attacker can use the WriteTaskDataToIniFile() method of the McAfee Policy Manager naPolicyManager.dll ActiveX in order to create a file on victim’s computer. [grav:1/4]

CHARACTERISTICS

Identifiers: 969898, BID-35218, BID-35247, BID-35248, CVE-2008-0024, CVE-2008-2475, VIGILANCE-VUL-8785, VU#983731

http://vigilance.fr/vulnerability/IE-vulnerabilities-of-several-ActiveX-of-June-2009-8785