Thread-topic: [SA26779] Microsoft Visual Studio Two ActiveX Controls Insecure Methods
> Microsoft Visual Studio Two ActiveX Controls Insecure Methods
> SECUNIA ADVISORY ID:
> VERIFY ADVISORY:
> Highly critical
> Manipulation of data, System access
> From remote
> Microsoft Visual Studio 6 Professional
> Microsoft Visual Studio 6 Enterprise
> shinnai has reported some vulnerabilities in Microsoft Visual Studio,
> which can be exploited by malicious people to overwrite arbitrary
> files or potentially compromise a vulnerable system.
> 1) The "StartProcess()" and "SyncShell()" methods of the PDWizard.ocx
> ActiveX control can be exploited to execute arbitrary commands on the
> system. Other insecure methods have also been reported e.g.
> "SaveAs()", "CABDefaultURL()", "CABFileName()", and "CABRunFile()".
> 2) The "Load()" and "SaveAs()" methods of the VBTOVSI.DLL ActiveX
> control can be exploited to e.g. load a local file and save it in an
> arbitrary location or overwrite an arbitrary file.
> The vulnerabilities are reported in version 6.0. Other versions may
> also be affected.
> Set the kill-bit for the ActiveX controls.
> PROVIDED AND/OR DISCOVERED BY:
> ORIGINAL ADVISORY:
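The advisory's workaround is to set the kill-bit for the affected controls. The PowerShell script below is an added example that is not part of the Secunia advisory or of any Microsoft tooling: it assumes only the two file names the advisory gives (PDWizard.ocx and VBTOVSI.DLL), discovers the CLSIDs registered for those files from HKCR\CLSID at run time instead of hard-coding any, sets the documented kill-bit value (0x400 in "Compatibility Flags", per Microsoft KB240797) while preserving any flags already present, and verifies the result. It must be run from an elevated (Administrator) PowerShell session.

```powershell
# Added example (not from the advisory): set and verify the IE kill-bit for the
# ActiveX controls hosted by the files named in the advisory. CLSIDs are discovered
# from the registry; none are assumed here. Run elevated.

$ControlFiles = @('PDWizard.ocx', 'VBTOVSI.DLL')          # file names from the advisory
$KillBitRoot  = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'
$KillBitFlag  = 0x400                                      # kill-bit in "Compatibility Flags" (KB240797)

function Get-ClsidForFile {
    param([string[]]$FileNames)
    # Each HKCR\CLSID\{...}\InprocServer32 (default) value is the path of the server
    # DLL/OCX; match its file name against the controls we want to block.
    Get-ChildItem 'Registry::HKEY_CLASSES_ROOT\CLSID' -ErrorAction SilentlyContinue | ForEach-Object {
        $server = Get-ItemProperty -Path "$($_.PSPath)\InprocServer32" -Name '(default)' -ErrorAction SilentlyContinue
        if ($server -and $server.'(default)') {
            $leaf = Split-Path -Leaf ($server.'(default)' -replace '"', '')
            foreach ($f in $FileNames) {
                if ($leaf -ieq $f) {
                    [pscustomobject]@{ Clsid = $_.PSChildName; File = $leaf }
                }
            }
        }
    }
}

function Set-KillBit {
    param([string]$Clsid)
    $keyPath = Join-Path $KillBitRoot $Clsid
    if (-not (Test-Path $keyPath)) { New-Item -Path $keyPath -Force | Out-Null }
    # OR the kill-bit into whatever flags are already set rather than overwriting them.
    $current = (Get-ItemProperty -Path $keyPath -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
    $new = ([int]$current) -bor $KillBitFlag
    Set-ItemProperty -Path $keyPath -Name 'Compatibility Flags' -Value $new -Type DWord
}

function Test-KillBit {
    param([string]$Clsid)
    # Returns $true only if the key exists and the 0x400 bit is present.
    $keyPath = Join-Path $KillBitRoot $Clsid
    $flags = (Get-ItemProperty -Path $keyPath -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
    return ($null -ne $flags) -and (($flags -band $KillBitFlag) -eq $KillBitFlag)
}

$targets = @(Get-ClsidForFile -FileNames $ControlFiles)
if ($targets.Count -eq 0) {
    Write-Warning "No registered CLSIDs found for: $($ControlFiles -join ', ')"
    return
}
foreach ($t in $targets) {
    Set-KillBit -Clsid $t.Clsid
    '{0}  {1}  kill-bit set: {2}' -f $t.Clsid, $t.File, (Test-KillBit -Clsid $t.Clsid)
}
```

On 64-bit Windows the 32-bit browser reads the kill-bit list under HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility as well, so the same keys should be written under that path for 32-bit controls. The discovery step is also a useful audit on its own: running only Get-ClsidForFile shows whether these controls are registered on a machine at all before any change is made.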