Vigil@nce: IE, vulnerabilities of several ActiveX of November 2009
November 2009 by Vigil@nce
Several ActiveX can be used by a remote attacker to generate a
denial of service or to execute code.
– Severity: 2/4
– Consequences: user access/rights, data reading, data
creation/edition, data deletion
– Provenance: document
– Means of attack: 1 attack
– Ability of attacker: technician (2/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Number of vulnerabilities in this bulletin: 2
– Creation date: 03/11/2009
IMPACTED PRODUCTS
– Microsoft Internet Explorer
DESCRIPTION OF THE VULNERABILITY
Several ActiveX can be used by a remote attacker to generate a
denial of service or to execute code.
An attacker can use the BrowseAndSaveFile() method of the ActiveX
Symantec ConsoleUtilities AeXNSConsoleUtilities.dll in order to
execute code on victim’s computer. [grav:2/4; BID-36698,
CVE-2009-3031, NSOADV-2009-001]
An attacker can generate a denial of service in the Novell Client
NWSETUP ActiveX. [grav:1/4]
CHARACTERISTICS
– Identifiers: BID-36698, CVE-2009-3031, NSOADV-2009-001,
VIGILANCE-VUL-9147
– Url: http://vigilance.fr/vulnerability/IE-vulnerabilities-of-several-ActiveX-of-November-2009-9147