Microsoft Windows 2000 ActiveX Control Buffer Overflow Vulnerability

An unchecked buffer exists in the System Monitor ActiveX Control included with Microsoft Windows 2000 (sysmon.ocx, classid:C4D2D8E0-D1DD-11CE-940F-008029004347). Depending on the data entered when invoking the ActiveX control, a malicious user could either launch a denial of service attack or execute arbitrary code on a remote system. This can be exploited remotely via either a web browser or HTML-compliant email, provided that ActiveX is enabled in the browser or mail client.

The problem is in the LogFileName parameter supplied to the control. If the data entered as this value is longer than 2000 characters, memory containing executable code will be overwritten with the remotely supplied data. This data will then be executed on the target system at the current user's privilege level.
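A gateway-side check for the condition described above, as an added example that is not part of the original advisory: it parses HTML (a web page or a mail body) and reports any LogFileName parameter longer than 2000 characters inside an object tag carrying the System Monitor classid. The names `SysmonScanner`, `scan_html` and `make_sample` are hypothetical, the sample markup is constructed, and the check assumes the value is set in static `<param>` markup; a value assigned from script would not be seen.

```python
from html.parser import HTMLParser

SYSMON_CLSID = "C4D2D8E0-D1DD-11CE-940F-008029004347"  # classid given in the advisory
MAX_LOGFILENAME = 2000  # advisory: longer values overwrite memory

class SysmonScanner(HTMLParser):
    """Records over-long LogFileName <param> values inside System Monitor <object> tags."""
    def __init__(self):
        super().__init__()
        self.depth = 0          # current <object> nesting depth
        self.sysmon_at = None   # depth at which the System Monitor object opened
        self.findings = []      # lengths of offending values

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # parser already lowercases names
        if tag == "object":
            self.depth += 1
            # Accept the "clsid:" prefix in any case, with optional braces.
            clsid = a.get("classid", "").split(":", 1)[-1].strip("{} ").upper()
            if self.sysmon_at is None and clsid == SYSMON_CLSID:
                self.sysmon_at = self.depth
        elif tag == "param" and self.sysmon_at is not None:
            if a.get("name", "").strip().lower() == "logfilename":
                if len(a.get("value", "")) > MAX_LOGFILENAME:
                    self.findings.append(len(a["value"]))

    def handle_endtag(self, tag):
        if tag == "object" and self.depth:
            if self.sysmon_at == self.depth:
                self.sysmon_at = None
            self.depth -= 1

def scan_html(html):
    """Return the lengths of LogFileName values that exceed the advisory's limit."""
    s = SysmonScanner()
    s.feed(html)
    s.close()
    return s.findings

def make_sample(value_len, clsid=SYSMON_CLSID):
    """Constructed test markup: filler value of the requested length."""
    return ('<html><body><object classid="clsid:%s">'
            '<param name="LogFileName" value="%s"></object></body></html>'
            % (clsid, "x" * value_len))

if __name__ == "__main__":
    for n in (40, 2000, 2001):
        print(n, "->", "FLAG" if scan_html(make_sample(n)) else "ok")
```
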


 

Copyright 2010, SecurityFocus