DarkFiber Consulting - IT Managed Services » Activex Control

Veritas NetBackup Server/Enterprise Server Vulnerabilities

DarkFiber Consulting — Fri, 26 Sep 2008 04:12:51 +0000

Symantec has released a Security Advisory to address multiple vulnerabilities in the Veritas NetBackup Server/Enterprise Server. These vulnerabilities are due to stack-based buffer overflow conditions and unsafe method calls within an ActiveX control that is part of the scheduler component. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code.

DarkFiber Consulting encourages users to review the Symantec Security Advisory and apply any necessary updates to help mitigate the risks.

Tags: Activex Control, Address, Arbitrary Code, Attacker, Based Buffer Overflow, Enterprise Server, Necessary Updates, Overflow Conditions, Server Enterprise, Server Vulnerabilities, Symantec, Symantec Security, Veritas Netbackup, Vulnerability

Novell Releases Update for iPrint Vulnerability

DarkFiber Consulting — Thu, 04 Sep 2008 19:15:36 +0000

Novell has released an update to address multiple vulnerabilities in iPrint. These vulnerabilities are due to the following:

multiple buffer overflow conditions within the Novell iPrint ActiveX control (ienipp.ocx)
multiple buffer overflow conditions within nipplib.dll
an insecure “GetFileList()” method

Exploitation of this vulnerability may allow an attacker to execute arbitrary code or obtain sensitive information.

DarkFiber Consulting encourages users to review Novell documents 5034540 and 5034560 and apply any necessary updates.

Tags: Activex Control, Address, Arbitrary Code, Attacker, Multiple Buffer Overflow, Necessary Updates, Novell, Novell Iprint, Overflow Conditions, Vulnerabilities, Vulnerability

Webex Meeting Manager ActiveX Control Vulnerability

DarkFiber Consulting — Mon, 11 Aug 2008 16:41:44 +0000

DarkFiber Consulting is aware of public reports of a vulnerability that affects Webex Meeting Manager. This vulnerability is due to improper handling of arguments passed to the “NewObject()” method within the WebexUCFObject ActiveX control (atucfobj.dll). By convincing a user to visit a specially crafted web page, a remote attacker may be able to execute arbitrary code.

Public reports indicate that Webex has addressed this issue in Meeting Manager version 20.2008.2606.4919. DarkFiber Consulting encourages users to upgrade to this version or set the kill bit for CLSID 32E26FD9-F435-4A20-A561-35D4B987CFDC. Information about how to set a kill bit can be found in Microsoft Support Article 240797.

Tags: Activex Control, Activex Dll, Arbitrary Code, Attacker, Microsoft, Microsoft Support, Public Reports, Support Article, Vulnerability, Web Page, Webex

Microsoft Releases Security Advisory For Snapshot Viewer ActiveX Control

DarkFiber Consulting — Mon, 14 Jul 2008 09:26:06 +0000

Microsoft has released a Security Advisory to address a vulnerability in a Microsoft Access ActiveX control. By convincing a user to visit a specially crafted web page, a remote, unauthenticated attacker may be able to execute arbitrary code. The Advisory also indicates that the vulnerability is being used in active, targeted attacks.

DarkFiber Consulting encourages users to review Microsoft Security Advisory 955179 and apply the workarounds to help mitigate the risks. Additional information regarding this issue can be found in the Vulnerability Notes Database.

Tags: Access Control, Activex Control, Address, Arbitrary Code, Attacker, Control Microsoft, Microsoft, Microsoft Access, Microsoft Activex, Microsoft Releases Security Advisory, Microsoft Security Advisory, Microsoft Viewer, Snapshot Viewer, Vulnerability Notes Database, Web Page, Workarounds