BugTraq
Back to list
|
Post reply
Re: Microsoft MCWNDX.OCX ActiveX buffer overflow
Aug 13 2003 05:50PM
xenophi1e (oliver lavery sympatico ca)
(1 replies)
In-Reply-To: <007201c361df$c311f0c0$329f8018@youru10ixi0anw>
Does anyone know what the guid for this control is? I don't have it on XP
with Visual Studio 6 installed.
Could this be the same as the Microsoft Multimedia Control, aka
MCI32.OCX?
Cheers,
~ol
> Microsoft MCWNDX.OCX ActiveX buffer overflow
> =================================================
>
> PROGRAM: MICROSOFT MCIWNDX.OCX ACTIVEX BUFFER OVERFLOW
>HOMEPAGE: www.microsoft.com
>VULNERABLE VERSIONS: MCWNDX is an ActiveX shipped with Visual Studio 6 to
>support multimedia programming.
>
> DESCRIPTION
> =================================================
>
> MCWNDX is an activeX shipped with Visual Studio 6 to
>support multimedia programming. Although not many people use it anymore,
>however it still can be called through CLSID in a website and passing a
>large amount of data to the activex will cause an buffer overflow.
>
>Since this Activex is only shipped with VIsual Studio 6.0, so only
>people who are having Visual Studio 6.0 will be affected or people
>who are still using old multimedia programs coded in Visual Studio 6.0
>(In my PC, the last date the ActiveX is patched is in 1996 ! I am using
>VS Sp 4)
>
>
> DETAILS
> =================================================
> The ActiveX has a property called "Filename" which is used to specify
>the .mci file to load. However if it is passed with a very large
>string(640KB
>is good enough :-) ), it will cause a bufferoverflow. (I can't overwrite
the
>EIP using this overflow in my XP, however it doesn't mean the problem
can't
>be exploited)
>
>Microsoft has been noticed but since the hole is maybe minor to them so
>they don't response to me even a short sentence like "Thank you !"
>
>
>
> WORKAROUND
> =================================================
>
> Delete the file MCWNDX.ocx in your SYSTEM32 directory if you are
>using 2000 or XP or in your SYSTEM directory if you are using WIN ME or
>below
>
>
>CREDITS
> =================================================
>
> Discovered by Tri Huynh from Sentry Union
>
>
> DISLAIMER
> =================================================
>
> The information within this paper may change without notice. Use of
> this information constitutes acceptance for use in an AS IS condition.
> There are NO warranties with regard to this information. In no event
> shall the author be liable for any damages whatsoever arising out of
> or in connection with the use or spread of this information. Any use
> of this information is at the user's own risk.
>
>
> FEEDBACK
> =================================================
>
> Please send suggestions, updates, and comments to: trihuynh (at) zeeup (dot) com [email concealed]
>
>
>
[ reply ]
RE: Microsoft MCWNDX.OCX ActiveX buffer overflow
Aug 13 2003 06:44PM
Drew Copley (dcopley eeye com)
(1 replies)
RE: Microsoft MCWNDX.OCX ActiveX buffer overflow
Aug 13 2003 07:09PM
Oliver Lavery (oliver lavery sympatico ca)
Privacy Statement
Copyright 2010, SecurityFocus
Does anyone know what the guid for this control is? I don't have it on XP
with Visual Studio 6 installed.
Could this be the same as the Microsoft Multimedia Control, aka
MCI32.OCX?
Cheers,
~ol
> Microsoft MCWNDX.OCX ActiveX buffer overflow
> =================================================
>
> PROGRAM: MICROSOFT MCIWNDX.OCX ACTIVEX BUFFER OVERFLOW
>HOMEPAGE: www.microsoft.com
>VULNERABLE VERSIONS: MCWNDX is an ActiveX shipped with Visual Studio 6 to
>support multimedia programming.
>
> DESCRIPTION
> =================================================
>
> MCWNDX is an activeX shipped with Visual Studio 6 to
>support multimedia programming. Although not many people use it anymore,
>however it still can be called through CLSID in a website and passing a
>large amount of data to the activex will cause an buffer overflow.
>
>Since this Activex is only shipped with VIsual Studio 6.0, so only
>people who are having Visual Studio 6.0 will be affected or people
>who are still using old multimedia programs coded in Visual Studio 6.0
>(In my PC, the last date the ActiveX is patched is in 1996 ! I am using
>VS Sp 4)
>
>
> DETAILS
> =================================================
> The ActiveX has a property called "Filename" which is used to specify
>the .mci file to load. However if it is passed with a very large
>string(640KB
>is good enough :-) ), it will cause a bufferoverflow. (I can't overwrite
the
>EIP using this overflow in my XP, however it doesn't mean the problem
can't
>be exploited)
>
>Microsoft has been noticed but since the hole is maybe minor to them so
>they don't response to me even a short sentence like "Thank you !"
>
>
>
> WORKAROUND
> =================================================
>
> Delete the file MCWNDX.ocx in your SYSTEM32 directory if you are
>using 2000 or XP or in your SYSTEM directory if you are using WIN ME or
>below
>
>
>CREDITS
> =================================================
>
> Discovered by Tri Huynh from Sentry Union
>
>
> DISLAIMER
> =================================================
>
> The information within this paper may change without notice. Use of
> this information constitutes acceptance for use in an AS IS condition.
> There are NO warranties with regard to this information. In no event
> shall the author be liable for any damages whatsoever arising out of
> or in connection with the use or spread of this information. Any use
> of this information is at the user's own risk.
>
>
> FEEDBACK
> =================================================
>
> Please send suggestions, updates, and comments to: trihuynh (at) zeeup (dot) com [email concealed]
>
>
>
[ reply ]