Executive Summary

Summary
Title Cumulative Security Update of ActiveX Kill Bits (973346)
Informations
Name MS09-032 First vendor Publication 2009-07-14
Vendor Microsoft Last vendor Modification 2009-07-23
Severity (Vendor) Critical Revision 1.2

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Revision Note: V1.2 (July 23, 2009): Clarified the FAQ about Microsoft-specific kill bits contained in this update.Summary: This security update resolves a privately reported vulnerability that is currently being exploited. The vulnerability in Microsoft Video ActiveX Control could allow remote code execution if a user views a specially crafted Web page with Internet Explorer, instantiating the ActiveX control. This ActiveX control was never intended to be instantiated in Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Original Source

Url : http://www.microsoft.com/technet/security/bulletin/MS09-032.mspx

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:6333
 
Oval ID: oval:org.mitre.oval:def:6333
Title: Microsoft Video ActiveX Control Vulnerability
Description: Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2008-0015
 Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6363
 
Oval ID: oval:org.mitre.oval:def:6363
Title: Microsoft Video ActiveX Control Vulnerability
Description: Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2008-0015
 Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
 Product(s): Microsoft Outlook Express
Windows Media Player
Windows ATL Component
DHTML Editing Component ActiveX Control
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7436
 
Oval ID: oval:org.mitre.oval:def:7436
Title: Microsoft Video ActiveX Control Vulnerability
Description: Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2008-0015
 Version: 16
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
 Product(s): Microsoft Outlook Express
Windows Media Player
Windows ATL Component
DHTML Editing Component ActiveX Control
HtmlInput Object ActiveX Control
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 3
Os 3

SAINT Exploits

Description Link
Microsoft DirectShow Video Streaming ActiveX IMPEG2TuneRequest Overflow More info here

ExploitDB Exploits

id Description
2010-04-30 Microsoft DirectShow (msvidctl.dll) MPEG-2 Memory Corruption

OpenVAS Exploits

Date Description
2009-08-14 Name : Vulnerabilities in Microsoft ATL Could Allow Remote Code Execution (973908)
File : nvt/secpod_ms09-037.nasl
2009-07-09 Name : Microsoft Video ActiveX Control 'msvidctl.dll' BOF Vulnerability
File : nvt/gb_ms_video_actvx_bof_vuln_jul09.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
55651 Microsoft DirectShow Video Streaming ActiveX (msvidctl.dll) IMPEG2TuneRequest...

A buffer overflow exists in Windows. The DirectShow ActiveX control fails to validate data passed to the IMPEG2TuneRequest interface resulting in a stack overflow. With a specially crafted website, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.

Information Assurance Vulnerability Management (IAVM)

Date Description
2009-08-13 IAVM : 2009-A-0067 - Multiple Vulnerabilities in Microsoft Active Template Library
Severity : Category II - VMSKEY : V0019882

Snort® IPS/IDS

Date Description
2014-01-10 Microsoft Windows Media Player DirectShow MPEG-2 memory corruption attempt
RuleID : 20744 - Revision : 7 - Type : OS-WINDOWS
2014-01-10 Microsoft DirectShow 3 ActiveX exploit via JavaScript
RuleID : 16602 - Revision : 10 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Video 6 ActiveX function call unicode access
RuleID : 15905 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Video 6 ActiveX function call access
RuleID : 15904 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft DirectShow ActiveX exploit via JavaScript - unicode encoding
RuleID : 15679 - Revision : 12 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft DirectShow ActiveX exploit via JavaScript
RuleID : 15678 - Revision : 10 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Video 9 ActiveX clsid unicode access
RuleID : 15677 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Video 9 ActiveX clsid access
RuleID : 15676 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Video 8 ActiveX clsid unicode access
RuleID : 15675 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Video 8 ActiveX clsid access
RuleID : 15674 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Video 7 ActiveX clsid unicode access
RuleID : 15673 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Video 7 ActiveX clsid access
RuleID : 15672 - Revision : 15 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Video 6 ActiveX function call
RuleID : 15671 - Revision : 15 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Video 6 ActiveX clsid access
RuleID : 15670 - Revision : 18 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Video 5 ActiveX clsid unicode access
RuleID : 15669 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Video 5 ActiveX clsid access
RuleID : 15668 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Video 45 ActiveX clsid unicode access
RuleID : 15667 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Video 45 ActiveX clsid access
RuleID : 15666 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Video 44 ActiveX clsid unicode access
RuleID : 15665 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Video 44 ActiveX clsid access
RuleID : 15664 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Video 43 ActiveX clsid unicode access
RuleID : 15663 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Video 43 ActiveX clsid access
RuleID : 15662 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Video 42 ActiveX clsid unicode access
RuleID : 15661 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Video 42 ActiveX clsid access
RuleID : 15660 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Video 41 ActiveX clsid unicode access
RuleID : 15659 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Video 41 ActiveX clsid access
RuleID : 15658 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Video 40 ActiveX clsid unicode access
RuleID : 15657 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Video 40 ActiveX clsid access
RuleID : 15656 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Video 4 ActiveX clsid unicode access
RuleID : 15655 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Video 4 ActiveX clsid access
RuleID : 15654 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Video 39 ActiveX clsid unicode access
RuleID : 15653 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Video 39 ActiveX clsid access
RuleID : 15652 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Video 38 ActiveX clsid unicode access
RuleID : 15651 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Video 38 ActiveX clsid access
RuleID : 15650 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Video 37 ActiveX clsid unicode access
RuleID : 15649 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Video 37 ActiveX clsid access
RuleID : 15648 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Video 36 ActiveX clsid unicode access
RuleID : 15647 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Video 36 ActiveX clsid access
RuleID : 15646 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Video 35 ActiveX clsid unicode access
RuleID : 15645 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Video 35 ActiveX clsid access
RuleID : 15644 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Video 34 ActiveX clsid unicode access
RuleID : 15643 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Video 34 ActiveX clsid access
RuleID : 15642 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Video 33 ActiveX clsid unicode access
RuleID : 15641 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Video 33 ActiveX clsid access
RuleID : 15640 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Video 32 ActiveX clsid unicode access
RuleID : 15639 - Revision : 10 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Video 32 ActiveX clsid access
RuleID : 15638 - Revision : 18 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Video 31 ActiveX clsid unicode access
RuleID : 15637 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Video 31 ActiveX clsid access
RuleID : 15636 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Video 30 ActiveX clsid unicode access
RuleID : 15635 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Video 30 ActiveX clsid access
RuleID : 15634 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Video 3 ActiveX clsid unicode access
RuleID : 15633 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Video 3 ActiveX clsid access
RuleID : 15632 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Video 29 ActiveX clsid unicode access
RuleID : 15631 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Video 29 ActiveX clsid access
RuleID : 15630 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Video 28 ActiveX clsid unicode access
RuleID : 15629 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Video 28 ActiveX clsid access
RuleID : 15628 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Video 27 ActiveX clsid unicode access
RuleID : 15627 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Video 27 ActiveX clsid access
RuleID : 15626 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Video 26 ActiveX clsid unicode access
RuleID : 15625 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Video 26 ActiveX clsid access
RuleID : 15624 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Video 25 ActiveX clsid unicode access
RuleID : 15623 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Video 25 ActiveX clsid access
RuleID : 15622 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Video 24 ActiveX clsid unicode access
RuleID : 15621 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Video 24 ActiveX clsid access
RuleID : 15620 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Video 23 ActiveX clsid unicode access
RuleID : 15619 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Video 23 ActiveX clsid access
RuleID : 15618 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Video 22 ActiveX clsid unicode access
RuleID : 15617 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Video 22 ActiveX clsid access
RuleID : 15616 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Video 21 ActiveX clsid unicode access
RuleID : 15615 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Video 21 ActiveX clsid access
RuleID : 15614 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Video 20 ActiveX clsid unicode access
RuleID : 15613 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Video 20 ActiveX clsid access
RuleID : 15612 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Video 2 ActiveX clsid unicode access
RuleID : 15611 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Video 2 ActiveX clsid access
RuleID : 15610 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Video 19 ActiveX clsid unicode access
RuleID : 15609 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Video 19 ActiveX clsid access
RuleID : 15608 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Video 18 ActiveX clsid unicode access
RuleID : 15607 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Video 18 ActiveX clsid access
RuleID : 15606 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Video 17 ActiveX clsid unicode access
RuleID : 15605 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Video 17 ActiveX clsid access
RuleID : 15604 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Video 16 ActiveX clsid unicode access
RuleID : 15603 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Video 16 ActiveX clsid access
RuleID : 15602 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Video 15 ActiveX clsid unicode access
RuleID : 15601 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Video 15 ActiveX clsid access
RuleID : 15600 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Video 14 ActiveX clsid unicode access
RuleID : 15599 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Video 14 ActiveX clsid access
RuleID : 15598 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Video 13 ActiveX clsid unicode access
RuleID : 15597 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Video 13 ActiveX clsid access
RuleID : 15596 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Video 12 ActiveX clsid unicode access
RuleID : 15595 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Video 12 ActiveX clsid access
RuleID : 15594 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Video 11 ActiveX clsid unicode access
RuleID : 15593 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Video 11 ActiveX clsid access
RuleID : 15592 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Video 10 ActiveX clsid unicode access
RuleID : 15591 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Video 10 ActiveX clsid access
RuleID : 15590 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Video 1 ActiveX clsid unicode access
RuleID : 15589 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Video 1 ActiveX clsid access
RuleID : 15588 - Revision : 13 - Type : BROWSER-PLUGINS

Metasploit Database

id Description
2009-07-05 Microsoft DirectShow (msvidctl.dll) MPEG-2 Memory Corruption

Nessus® Vulnerability Scanner

Date Description
2009-08-11 Name : Arbitrary code can be executed on the remote host through Microsoft Active Te...
File : smb_nt_ms09-037.nasl - Type : ACT_GATHER_INFO
2009-07-07 Name : The remote Windows host is missing a security update containing ActiveX kill ...
File : smb_kb_972890.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
Date Informations
2020-05-23 13:17:13
  • Multiple Updates
2016-04-26 18:00:59
  • Multiple Updates
2014-02-17 11:46:16
  • Multiple Updates
2014-01-19 21:30:20
  • Multiple Updates