28842 : Microsoft IE daxctle.ocx KeyFrame() Method Overflow
Printer | http://osvdb.org/28842 | Email This | Edit Vulnerability

Views This Week
3

Views All Time
225

Info

Last Modified
7 months ago

Percent Complete
100%

Disclosure
Aug 27, 2006

Discovery
Unknown

Dates

Exploit
Unknown

Solution
Unknown

Description

 A remote overflow exists in Microsoft Internet Explorer. The browser fails to check the bounds on the keyframe function call resulting in a heap overflow. With a specially crafted request, an attacker can cause arbitrary code to execute with the permissions of the browser resulting in a loss of confidentiality, integrity, and/or availability.

Classification

 Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

 Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): Disable active scripting or execution of activeX controls. Alternatively, it is possible to set the kill bit for the vulnerable activeX control.

Products
Microsoft Corporation
Watch-list
Internet Explorer
Watch-list
 6.0

References

Tools & Filters

Nessus

 23644

Snort

 7009 8741 8742 8743 8744 8745 8746 8747 8748 8749 8750 8751 8752 8753 8754 8755 8756 8757 8758 8759 8760 8761 8762 8763 8764 8765 8766 8767 8768 8769 8770 8771 8772 8773 8774 8775 8776 8777 8778 8779 8780 8781 8782 8783 8784 8785 8786 8787 8788 8789 8790 8791 8792 8793 8794 8795 8796 8797 8798 8799 8800 8801 8802 8803 8804 8805 8806 8807 8808 8809 8810 8811 8812 8813 8814 8815 8816 8817 8818 8819 8820 ... and 26 more

Credit
  • nop - nopBrand New Doo Dooxsec.org - XSec

Blogs

Provided by Technorati

 None found at this time

Comments

Add Comment

No Comments.

DONATE NOW!

User Status

Quick Searches

Advertisements

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

© Copyright 2008 Open Source Vulnerability Database (OSVDB), All Rights Reserved.
Privacy Statement - Terms of Use