Executive Summary
Summary | |
---|---|
Title | Update Rollup for ActiveX Kill Bits |
Information | |||
---|---|---|---|
Name | KB960715 | First vendor Publication | 2009-02-10 |
Vendor | Microsoft | Last vendor Modification | 2009-06-17 |
Severity (Vendor) | N/A | Revision | 1.2 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability SubScore | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Microsoft is releasing a new set of ActiveX kill bits with this advisory. The update includes kill bits for previously published Microsoft security bulletins:
The update also includes kill bits for the following third-party software:
For more information about installing this update, see Microsoft Knowledge Base Article 960715.

General Information

Overview

Purpose of Advisory: Notification of the availability of an update of ActiveX kill bits.

Advisory Status: Microsoft Knowledge Base Article and associated update were released.

Recommendation: Review the referenced Knowledge Base Article and apply the appropriate update.

This advisory discusses the following software.

Frequently Asked Questions

Do users with a Windows Server 2008 Server Core installation need to install this update?
Why does this advisory not have a security rating associated with it?
Does this update replace the Cumulative Security Update of ActiveX Kill Bits (950760)?
Why is Microsoft releasing this Update Rollup for ActiveX Kill Bits with a security advisory when previous kill bit updates were released with a security bulletin?
Does this update contain kill bits that were previously released in an Update Rollup for ActiveX Kill Bits?
Does this update contain kill bits that were previously released in an Internet Explorer security update?
What is a kill bit? For more information, see Microsoft Knowledge Base Article 240797: How to stop an ActiveX control from running in Internet Explorer.
What is a security update of ActiveX kill bits?
Why does this update not contain any binary files?
Should I install this update if I do not have the affected component installed or use the affected platform?
Do I need to reapply this update if I install an ActiveX control discussed in this security update at a later date?
What does this update do?

The following class identifier relates to a request by Akamai to set the kill bit for a class identifier that is vulnerable. Further details can be found in the security release issued by Akamai:
The following class identifier relates to a request by Research In Motion (RIM) to set the kill bit for a class identifier that is vulnerable. Further details can be found in the security release issued by RIM:
The following class identifiers relate to the CAPICOM control addressed in Microsoft Security Bulletin MS08-070, Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349):

Suggested Actions

Review the Microsoft Knowledge Base Article that is associated with this advisory

Microsoft encourages customers to install this update. Customers who are interested in learning more about this update should review Microsoft Knowledge Base Article 960715.

Workarounds

Workaround refers to a setting or configuration change that does not correct the underlying vulnerability but would help block known attack vectors before you apply the update. Microsoft has tested the following workarounds and states in the discussion whether a workaround reduces functionality:
Original Source
Url : http://www.microsoft.com/technet/security/advisory/960715.mspx
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
51833 | BlackBerry Application Web Loader ActiveX (AxLoader) Overflow |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2009-02-19 | IAVM : 2009-A-0016 - Blackberry Application Web Loader Vulnerability Severity : Category II - VMSKEY : V0018403 |
Snort® IPS/IDS
Date | Description |
---|---|
2015-09-03 | Microsoft Windows Visual Basic Charts ActiveX function call access RuleID : 35423 - Revision : 3 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Visual Studio Msmask32 ActiveX function call access RuleID : 27758 - Revision : 4 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Visual Studio Msmask32 ActiveX clsid access RuleID : 27757 - Revision : 4 - Type : BROWSER-PLUGINS |
2014-01-10 | Akamai DownloadManager ActiveX function call unicode access RuleID : 15318 - Revision : 4 - Type : WEB-ACTIVEX |
2014-01-10 | Akamai DownloadManager ActiveX function call access RuleID : 15317 - Revision : 9 - Type : BROWSER-PLUGINS |
2014-01-10 | Akamai DownloadManager ActiveX clsid unicode access RuleID : 15316 - Revision : 4 - Type : WEB-ACTIVEX |
2014-01-10 | Akamai DownloadManager ActiveX clsid access RuleID : 15315 - Revision : 9 - Type : BROWSER-PLUGINS |
2014-01-10 | Research In Motion AxLoader ActiveX function call unicode access RuleID : 15314 - Revision : 5 - Type : WEB-ACTIVEX |
2014-01-10 | Research In Motion AxLoader ActiveX function call access RuleID : 15313 - Revision : 10 - Type : BROWSER-PLUGINS |
2014-01-10 | Research In Motion AxLoader ActiveX clsid unicode access RuleID : 15312 - Revision : 5 - Type : WEB-ACTIVEX |
2014-01-10 | Research In Motion AxLoader ActiveX clsid access RuleID : 15311 - Revision : 11 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Animation Control ActiveX function call unicode access RuleID : 15310 - Revision : 4 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Animation Control ActiveX function call access RuleID : 15309 - Revision : 9 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Animation Control ActiveX clsid unicode access RuleID : 15308 - Revision : 4 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Animation Control ActiveX clsid access RuleID : 15307 - Revision : 9 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Visual Basic Winsock ActiveX function call unicode access RuleID : 15121 - Revision : 7 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Visual Basic Winsock ActiveX function call access RuleID : 15120 - Revision : 7 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Visual Basic Winsock ActiveX clsid unicode access RuleID : 15119 - Revision : 7 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Visual Basic Winsock ActiveX clsid access RuleID : 15118 - Revision : 7 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Visual Basic Hierarchical FlexGrid ActiveX function call unicode ac... RuleID : 15103 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Windows Visual Basic Hierarchical FlexGrid ActiveX function call ac... RuleID : 15102 - Revision : 11 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Visual Basic Hierarchical FlexGrid ActiveX clsid unicode access RuleID : 15101 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Windows Visual Basic Hierarchical FlexGrid ActiveX clsid access RuleID : 15100 - Revision : 14 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Visual Basic FlexGrid ActiveX function call unicode access RuleID : 15099 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Windows Visual Basic FlexGrid ActiveX function call access RuleID : 15098 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Visual Basic FlexGrid ActiveX clsid unicode access RuleID : 15097 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Windows Visual Basic FlexGrid ActiveX clsid access RuleID : 15096 - Revision : 10 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Visual Basic DataGrid ActiveX function call unicode access RuleID : 15095 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Windows Visual Basic DataGrid ActiveX function call access RuleID : 15094 - Revision : 11 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Visual Basic DataGrid ActiveX clsid unicode access RuleID : 15093 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Windows Visual Basic DataGrid ActiveX clsid access RuleID : 15092 - Revision : 11 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Visual Basic Charts ActiveX function call unicode access RuleID : 15091 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Windows Visual Basic Charts ActiveX function call access RuleID : 15090 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Visual Basic Charts ActiveX clsid unicode access RuleID : 15089 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Windows Visual Basic Charts ActiveX clsid access RuleID : 15088 - Revision : 11 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Common Controls Animation Object ActiveX function call unicode access RuleID : 15087 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Windows Common Controls Animation Object ActiveX function call access RuleID : 15086 - Revision : 10 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Common Controls Animation Object ActiveX clsid unicode access RuleID : 15085 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Windows Common Controls Animation Object ActiveX clsid access RuleID : 15084 - Revision : 10 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Visual Studio Msmask32 ActiveX function call unicode access RuleID : 14024 - Revision : 9 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Visual Studio Msmask32 ActiveX function call access RuleID : 14023 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Visual Studio Msmask32 ActiveX clsid unicode access RuleID : 14022 - Revision : 9 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Visual Studio Msmask32 ActiveX clsid access RuleID : 14021 - Revision : 19 - Type : BROWSER-PLUGINS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-02-11 | Name : The remote Windows host is missing a security update containing ActiveX kill ... File : smb_kb_960715.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2016-06-28 20:08:57 | |
2015-09-03 21:24:10 | |
2014-02-17 11:38:47 | |
2014-01-19 21:29:42 | |