2/02/2009

ActiveX-Related Vulnerabilities in January 2009


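A rough summary follows. Most of the findings are concentrated on the easy target of "File Overwrite". This indicates that ActiveX vulnerability discovery has not yet hit its full stride. This area is expected to keep being exploited going forward. Many new platforms exist that could replace ActiveX, but nothing can be done about the controls that are already installed.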

| Name | Type |
|---|---|
| [4/5] Synactis ALL In-The-Box ActiveX Control "SaveDoc()" Arbitrary File Overwrite | File Overwrite |
| Vuln: Web on Windows ActiveX 'WriteIniFileString/ShellExecute' Arbitrary File Overwrite Vulnerability | File Overwrite |
| Vuln: AXIS Camera Control ActiveX Control 'image_pan_tilt' Buffer Overflow Vulnerability | Buffer Overflow |
| Vuln: FlexCell Grid Control (ActiveX) Multiple Arbitrary File Overwrite Vulnerabilities | File Overwrite |
| Vuln: NCTsoft NCTAudioFile2 ActiveX Control NCTWMAFILE2.DLL Arbitrary File Overwrite Vulnerability | File Overwrite |
| [4/5] MW6 Technologies Barcode ActiveX "Supplement" Buffer Overflow | Buffer Overflow |
| [2/5] SmartVMD ActiveX Control Multiple Insecure Methods | File Overwrite |
| Vuln: MetaProducts MetaTreeX ActiveX Control 'SaveToBMP()' Arbitrary File Overwrite Vulnerability | File Overwrite |
| Vuln: Excel Viewer OCX ActiveX 'open()' Buffer Overflow Vulnerability | Buffer Overflow |
| Vuln: Easy Grid ActiveX Multiple Arbitrary File Overwrite Vulnerabilities | File Overwrite |
| [4/5] Symantec AppStream Client LaunchObj ActiveX Control Insecure Methods | Download And Execute |
| Vuln: Ciansoft PDFBuilderX Control (ActiveX) Arbitrary File Overwrite Vulnerability | File Overwrite |
| Excel Viewer OCX 3.2 Arbitrary File Download Vulnerabilities | File Overwrite |
| Vuln: Multiple Office OCX ActiveX Controls 'OpenWebFile()' Arbitrary Program Execution Vulnerability | File Overwrite |
| Vuln: Multiple Vendor SizerOne ActiveX Control 'AddTab' Method Buffer Overflow Vulnerability | Buffer Overflow |
| Vuln: Multiple Office OCX ActiveX Controls 'Save()' Arbitrary File Overwrite Vulnerability | File Overwrite |

Posted via email from bugtruck's posterous
