Executive Summary
Summary | |
---|---|
Title | RIM BlackBerry Application Web Loader ActiveX stack buffer overflow |
Informations | |||
---|---|---|---|
Name | VU#131100 | First vendor Publication | 2009-02-10 |
Vendor | VU-CERT | Last vendor Modification | 2009-02-10 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#131100RIM BlackBerry Application Web Loader ActiveX stack buffer overflowOverviewThe RIM BlackBerry Application Web Loader ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.I. DescriptionThe RIM BlackBerry Application Web Loader is an ActiveX control that is used to load applications onto a BlackBerry device using a PC and Internet Explorer. After the BlackBerry Application Web Loader ActiveX control is used to load software onto a BlackBerry device, the ActiveX control remains on the PC. The ActiveX control is marked "Safe for Scripting" and is scriptable by web pages in any domain. The BlackBerry Application Web Loader ActiveX control, which is provided by AxLoader.ocx or AxLoader.dll, contains stack buffer overflows in the load() and loadJad() methods.II. ImpactBy convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with the privileges of the user. The attacker could also cause Internet Explorer (or the program using the WebBrowser control) to crash.III. SolutionApply an updateThis issue is addressed in Microsoft Security Advisory 960715. This update sets the kill bit for the vulnerable ActiveX control. Developers and web site administrators should install and use the BlackBerry Application Web Loader 1.1 component. Note that installing this package will not register the new ActiveX control on the system automatically. The 1.1 version of the ActiveX control has a different CLSID than the vulnerable version of the control, so it is unaffected by the kill bit that was deployed as part of Microsoft Security Advisory 960715. Please see the BlackBerry Technical Solution KB16248 for more details.
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerActiveX Compatibility{4788DE08-3552-49EA-AC8C-233DA52523B9}] "Compatibility Flags"=dword:00000400 Disabling ActiveX controls in the Internet Zone (or any zone used by an attacker) appears to prevent exploitation of this and other ActiveX vulnerabilities. Instructions for disabling ActiveX in the Internet Zone can be found in the "Securing Your Web Browser" document. Systems Affected
Referenceshttp://www.cert.org/tech_tips/securing_browser/ Thanks to Andre Protas and Greg Linares of eEye Research for reporting this vulnerability. The vulnerability was also independently discovered and reported by Chris Weber of Casaba Security. This document was written by Will Dormann.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/131100 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
51833 | BlackBerry Application Web Loader ActiveX (AxLoader) Overflow |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2009-02-19 | IAVM : 2009-A-0016 - Blackberry Application Web Loader Vulnerability Severity : Category II - VMSKEY : V0018403 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Research In Motion AxLoader ActiveX function call unicode access RuleID : 15314 - Revision : 5 - Type : WEB-ACTIVEX |
2014-01-10 | Research In Motion AxLoader ActiveX function call access RuleID : 15313 - Revision : 10 - Type : BROWSER-PLUGINS |
2014-01-10 | Research In Motion AxLoader ActiveX clsid unicode access RuleID : 15312 - Revision : 5 - Type : WEB-ACTIVEX |
2014-01-10 | Research In Motion AxLoader ActiveX clsid access RuleID : 15311 - Revision : 11 - Type : BROWSER-PLUGINS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-02-11 | Name : The remote Windows host is missing a security update containing ActiveX kill ... File : smb_kb_960715.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2013-05-11 00:56:51 |
|