9.3 - VU#180513

Executive Summary

Summary
Title	Microsoft Video ActiveX control stack buffer overflow

Informations
Name	VU#180513	First vendor Publication	2009-07-06
Vendor	VU-CERT	Last vendor Modification	2009-07-15
Severity (Vendor)	N/A	Revision	M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#180513

Microsoft Video ActiveX control stack buffer overflow

Overview

The Microsoft Video ActiveX control contains a stack buffer overflow vulnerability, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

I. Description

Microsoft Windows comes with an ActiveX component called "ActiveX control for streaming video," which is provided by msvidctl.dll. This component provides a number of Class Identifiers (CLSIDs) that are marked as Safe for Scripting and Safe for Initialization, which means that they can be used by Internet Explorer. The ActiveX controls provided by msvidctl.dll fail to properly handle file input, which can result in stack memory corruption. This can allow the Structured Exception Handler (SEH) to be overwritten, thus allowing subversion of the program execution flow.

II. Impact

By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with the privileges of the user.

III. Solution

Microsoft has released an update to address this issue. See Microsoft Security Bulletin MS09-032 for more information.

Disable the vulnerable ActiveX controls

Microsoft Security Advisory (972890) explains how to disable the 45 ActiveX controls provided by msvidctl.dll to mitigate this vulnerability. A Microsoft Fix it application is provided in Microsoft Knowledgebase article 972890 to disable these controls.

Disable ActiveX

Disabling ActiveX controls in the Internet Zone (or any zone used by an attacker) appears to prevent exploitation of this and other ActiveX vulnerabilities. Instructions for disabling ActiveX in the Internet Zone can be found in the "Securing Your Web Browser" document.

Systems Affected

Vendor	Status	Date Notified	Date Updated
Microsoft Corporation	Vulnerable		2009-07-15

References

http://www.cert.org/tech_tips/securing_browser/
http://www.microsoft.com/technet/security/advisory/972890.mspx
http://support.microsoft.com/kb/972890
http://dvlabs.tippingpoint.com/blog/2009/07/09/microsoft-video-activex-control-0day-technical-details
http://addxorrol.blogspot.com/2009/07/poking-around-msvidctldll.html
http://isc.sans.org/diary.html?storyid=6733
http://www.csis.dk/dk/nyheder/nyheder.asp?tekstID=799
http://blogs.technet.com/srd/archive/2009/07/06/new-vulnerability-in-mpeg2tunerequest-activex-control-object-in-msvidctl-dll.aspx
http://www.us-cert.gov/cas/techalerts/TA09-187A.html
http://www.us-cert.gov/cas/techalerts/TA09-195A.html
http://www.microsoft.com/technet/security/bulletin/ms09-032.mspx

Credit

This document was written by Will Dormann.

Other Information

Date Public:	2009-07-04
Date First Published:	2009-07-06
Date Last Updated:	2009-07-15
CERT Advisory:
CVE-ID(s):	CVE-2008-0015
NVD-ID(s):	CVE-2008-0015
US-CERT Technical Alerts:	TA09-187A; TA09-195A
Metric:	65.31
Document Revision:	24

Original Source

Url : http://www.kb.cert.org/vuls/id/180513

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:6333

Oval ID:	oval:org.mitre.oval:def:6333
Title:	Microsoft Video ActiveX Control Vulnerability
Description:	Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2008-0015	Version:	3
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008	Product(s):
Definition Synopsis:
IF Microsoft Windows 2000 SP4 or later is installed AND Microsoft Windows XP (x86) SP2 is installed AND Microsoft Windows XP (x86) SP3 is installed AND Microsoft Windows XP x64 Edition SP2 is installed AND Microsoft Windows Server 2003 SP2 (x64) is installed AND Microsoft Windows Server 2003 SP2 (x86) is installed AND Microsoft Windows Server 2003 (ia64) SP2 is installed AND Windows Vista is installed AND Windows Server 2008 is installed AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{011B3619-FE63-4814-8A84-15A194CE9CE3}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{011B3619-FE63-4814-8A84-15A194CE9CE3}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0149EEDF-D08F-4142-8D73-D23903D21E90}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0149EEDF-D08F-4142-8D73-D23903D21E90}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0369B4E5-45B6-11D3-B650-00C04F79498E}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0369B4E5-45B6-11D3-B650-00C04F79498E}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0369B4E6-45B6-11D3-B650-00C04F79498E}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0369B4E6-45B6-11D3-B650-00C04F79498E}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{055CB2D7-2969-45CD-914B-76890722F112}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{055CB2D7-2969-45CD-914B-76890722F112}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{15D6504A-5494-499C-886C-973C9E53B9F1}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{15D6504A-5494-499C-886C-973C9E53B9F1}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1BE49F30-0E1B-11D3-9D8E-00C04F72D980}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1BE49F30-0E1B-11D3-9D8E-00C04F72D980}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1C15D484-911D-11D2-B632-00C04F79498E}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1C15D484-911D-11D2-B632-00C04F79498E}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1DF7D126-4050-47F0-A7CF-4C4CA9241333}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1DF7D126-4050-47F0-A7CF-4C4CA9241333}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2C63E4EB-4CEA-41B8-919C-E947EA19A77C}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2C63E4EB-4CEA-41B8-919C-E947EA19A77C}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{334125C0-77E5-11D3-B653-00C04F79498E}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{334125C0-77E5-11D3-B653-00C04F79498E}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B0353C-A4C8-11D2-B634-00C04F79498E}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B0353C-A4C8-11D2-B634-00C04F79498E}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B03543-A4C8-11D2-B634-00C04F79498E}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B03543-A4C8-11D2-B634-00C04F79498E}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B03544-A4C8-11D2-B634-00C04F79498E}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B03544-A4C8-11D2-B634-00C04F79498E}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{418008F3-CF67-4668-9628-10DC52BE1D08}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{418008F3-CF67-4668-9628-10DC52BE1D08}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4A5869CF-929D-4040-AE03-FCAFC5B9CD42}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4A5869CF-929D-4040-AE03-FCAFC5B9CD42}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{577FAA18-4518-445E-8F70-1473F8CF4BA4}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{577FAA18-4518-445E-8F70-1473F8CF4BA4}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{59DC47A8-116C-11D3-9D8E-00C04F72D980}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{59DC47A8-116C-11D3-9D8E-00C04F72D980}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7F9CB14D-48E4-43B6-9346-1AEBC39C64D3}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7F9CB14D-48E4-43B6-9346-1AEBC39C64D3}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{823535A0-0318-11D3-9D8E-00C04F72D980}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{823535A0-0318-11D3-9D8E-00C04F72D980}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8872FF1B-98FA-4D7A-8D93-C9F1055F85BB}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8872FF1B-98FA-4D7A-8D93-C9F1055F85BB}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8A674B4C-1F63-11D3-B64C-00C04F79498E}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8A674B4C-1F63-11D3-B64C-00C04F79498E}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8A674B4D-1F63-11D3-B64C-00C04F79498E}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8A674B4D-1F63-11D3-B64C-00C04F79498E}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9CD64701-BDF3-4D14-8E03-F12983D86664}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9CD64701-BDF3-4D14-8E03-F12983D86664}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9E77AAC4-35E5-42A1-BDC2-8F3FF399847C}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9E77AAC4-35E5-42A1-BDC2-8F3FF399847C}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A1A2B1C4-0E3A-11D3-9D8E-00C04F72D980}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A1A2B1C4-0E3A-11D3-9D8E-00C04F72D980}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A2E3074E-6C3D-11D3-B653-00C04F79498E}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A2E3074E-6C3D-11D3-B653-00C04F79498E}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A2E30750-6C3D-11D3-B653-00C04F79498E}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A2E30750-6C3D-11D3-B653-00C04F79498E}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A8DCF3D5-0780-4EF4-8A83-2CFFAACB8ACE}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A8DCF3D5-0780-4EF4-8A83-2CFFAACB8ACE}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AD8E510D-217F-409B-8076-29C5E73B98E8}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AD8E510D-217F-409B-8076-29C5E73B98E8}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B0EDF163-910A-11D2-B632-00C04F79498E}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B0EDF163-910A-11D2-B632-00C04F79498E}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B64016F3-C9A2-4066-96F0-BD9563314726}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B64016F3-C9A2-4066-96F0-BD9563314726}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BB530C63-D9DF-4B49-9439-63453962E598}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BB530C63-D9DF-4B49-9439-63453962E598}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C531D9FD-9685-4028-8B68-6E1232079F1E}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C531D9FD-9685-4028-8B68-6E1232079F1E}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCC-9B79-11D3-B654-00C04F79498E}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCC-9B79-11D3-B654-00C04F79498E}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCD-9B79-11D3-B654-00C04F79498E}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCD-9B79-11D3-B654-00C04F79498E}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCE-9B79-11D3-B654-00C04F79498E}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCE-9B79-11D3-B654-00C04F79498E}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCF-9B79-11D3-B654-00C04F79498E}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCF-9B79-11D3-B654-00C04F79498E}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CD0-9B79-11D3-B654-00C04F79498E}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CD0-9B79-11D3-B654-00C04F79498E}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C6B14B32-76AA-4A86-A7AC-5C79AAF58DA7}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C6B14B32-76AA-4A86-A7AC-5C79AAF58DA7}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAAFDD83-CEFC-4E3D-BA03-175F17A24F91}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAAFDD83-CEFC-4E3D-BA03-175F17A24F91}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D02AAC50-027E-11D3-9D8E-00C04F72D980}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D02AAC50-027E-11D3-9D8E-00C04F72D980}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F9769A06-7ACA-4E39-9CFB-97BB35F0E77E}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F9769A06-7ACA-4E39-9CFB-97BB35F0E77E}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FA7C375B-66A7-4280-879D-FD459C84BB02}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FA7C375B-66A7-4280-879D-FD459C84BB02}!Compatibility Flags is not equal to 0x00000400

Definition Id: oval:org.mitre.oval:def:6363

Oval ID:	oval:org.mitre.oval:def:6363
Title:	Microsoft Video ActiveX Control Vulnerability
Description:	Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2008-0015	Version:	8
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008	Product(s):	Microsoft Outlook Express Windows Media Player Windows ATL Component DHTML Editing Component ActiveX Control
Definition Synopsis:
Microsoft Outlook Express 5.5 SP2 on Windows 2000 SP4 Microsoft Windows 2000 SP4 or later is installed AND Microsoft Outlook Express 5.5 SP2 is installed. AND the version of Msoe.dll is less than 5.50.5003.1000 OR Microsoft Outlook Express 6 SP1 on Windows 2000 SP4 Microsoft Windows 2000 SP4 or later is installed AND Microsoft Outlook Express 6 SP1 is installed. AND the version of Msoe.dll is less than 6.0.2800.1983 OR Microsoft Outlook Express 6 on Windows XP SP2 x86 Microsoft Windows XP (x86) SP2 is installed AND Microsoft Outlook Express 6.0 for Windows XP/2003 is installed AND the version of Msoe.dll is less than 6.0.2900.3598 OR Microsoft Outlook Express 6 on Windows XP SP3 x86 Microsoft Windows XP (x86) SP3 is installed AND Microsoft Outlook Express 6.0 for Windows XP/2003 is installed AND the version of Msoe.dll is less than 6.0.2900.5843 OR Microsoft Outlook Express 6 on Windows XP SP2 (64-bit) Microsoft Outlook Express 6.0 for Windows XP/2003 is installed AND the version of Msoe.dll is less than 6.0.3790.4548 AND Microsoft Windows XP x64 Edition SP2 is installed OR Microsoft Outlook Express 6 on Windows Server 2003 SP2 x86 Microsoft Windows Server 2003 SP2 (x86) is installed AND Microsoft Outlook Express 6.0 for Windows XP/2003 is installed AND the version of Msoe.dll is less than 6.0.3790.4548 OR Microsoft Outlook Express 6 on Windows Server 2003 SP2 (x64-bit) Microsoft Windows Server 2003 SP2 (x64) is installed AND Microsoft Outlook Express 6.0 for Windows XP/2003 is installed AND the version of Msoe.dll is less than 6.0.3790.4548 OR Microsoft Outlook Express 6 on Windows Server 2003 SP2 (ia64) Microsoft Windows Server 2003 (ia64) SP2 is installed AND Microsoft Outlook Express 6.0 for Windows XP/2003 is installed AND the version of Msoe.dll is less than 6.0.3790.4548 OR Windows Media Player 9 on Windows 2000 SP4 Microsoft Windows 2000 SP4 or later is installed AND Windows Media Player v9 is installed. AND the version of Wmp.dll is less than 9.0.0.3364 OR Windows Media Player 9 on Windows XP SP2 x86 Microsoft Windows XP (x86) SP2 is installed AND Windows Media Player v9 is installed. AND the version of Wmp.dll is less than 9.0.0.3271 OR Windows Media Player 9 on Windows XP SP3 x86 Microsoft Windows XP (x86) SP3 is installed AND Windows Media Player v9 is installed. AND the version of Wmp.dll is less than 9.0.0.4507 OR Windows Media Player 10 on Windows XP SP2/SP3 x86 IF Microsoft Windows XP (x86) SP2 is installed AND Microsoft Windows XP (x86) SP3 is installed AND Windows Media Player v10 is installed. AND the version of Wmp.dll is less than 10.0.0.4074 OR Windows Media Player 10 on Windows XP SP2 (x64-bit) Windows Media Player v10 is installed. AND the version of Wmp.dll is less than 10.0.0.4006 AND Microsoft Windows XP x64 Edition SP2 is installed OR Windows Media Player 10 on Windows Server 2003 SP2 x86 Microsoft Windows Server 2003 SP2 (x86) is installed AND Windows Media Player v10 is installed. AND the version of Wmp.dll is less than 10.0.0.4006 OR Windows Media Player 10 on Windows Server 2003 SP2 (x64-bit) Microsoft Windows Server 2003 SP2 (x64) is installed AND Windows Media Player v10 is installed. AND the version of Wmp.dll is less than 10.0.0.4006 OR Windows Media Player 11 on Windows XP SP2/SP3 x86 IF Microsoft Windows XP (x86) SP2 is installed AND Microsoft Windows XP (x86) SP3 is installed AND Windows Media Player v11 is installed. AND the version of Wmp.dll is less than 11.0.5721.5268 OR Windows Media Player 11 on Windows XP SP2 (x64-bit) Windows Media Player v11 is installed. AND the version of Wmp.dll is less than 11.0.5721.5268 AND Microsoft Windows XP x64 Edition SP2 is installed OR Windows Media Player 11 on Windows Vista (32-bit)/(64-bit) IF Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND the version of Spwmp.dll is greater than or equal 6.0.6000.16000 AND the version of Wmp.dll is less than 11.0.6000.6352 OR Windows Media Player 11 on Windows Vista SP1/Server 2008 (32-bit)/(64-bit)/ia64 IF Microsoft Windows Vista (32-bit) Service Pack 1 is installed AND Microsoft Windows Vista x64 Edition Service Pack 1 is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND the version of Spwmp.dll is greater than or equal 6.0.6001.18000 AND the version of Wmp.dll is less than 11.0.6001.7007 OR Windows Media Player 11 on Windows Vista SP2/Server 2008 SP2 (32-bit)/(64-bit)/ia64 IF Microsoft Windows Vista (32-bit) Service Pack 2 is installed AND Microsoft Windows Vista x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed AND Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed AND the version of Spwmp.dll is greater than or equal 6.0.6002.18000 AND the version of Wmp.dll is less than 11.0.6002.18065 OR Windows Media Player 11 on Windows Vista (32-bit)/(64-bit) IF Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND the version of Spwmp.dll is greater than or equal 6.0.6000.20000 AND the version of Wmp.dll is less than 11.0.6000.6511 OR Windows Media Player 11 on Windows Vista SP1/Server 2008 (32-bit)/(64-bit)/ia64 IF Microsoft Windows Vista (32-bit) Service Pack 1 is installed AND Microsoft Windows Vista x64 Edition Service Pack 1 is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND the version of Spwmp.dll is greater than or equal 6.0.6001.22000 AND the version of Wmp.dll is less than 11.0.6001.7114 OR Windows Media Player 11 on Windows Vista SP2/Server 2008 SP2 (32-bit)/(64-bit)/ia64 IF Microsoft Windows Vista (32-bit) Service Pack 2 is installed AND Microsoft Windows Vista x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed AND Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed AND the version of Spwmp.dll is greater than or equal 6.0.6002.22000 AND the version of Wmp.dll is less than 11.0.6002.22172 OR Windows ATL Component on Windows 2000 SP4 Microsoft Windows 2000 SP4 or later is installed AND the version of atl.dll is less than 3.0.9794.0 OR Windows ATL Component on Windows XP, Server 2003, Vista, Server 2008 IF Microsoft Windows XP (x86) SP2 is installed AND Microsoft Windows XP (x86) SP3 is installed AND Microsoft Windows Server 2003 SP2 (x86) is installed AND Microsoft Windows Server 2003 SP2 (x64) is installed AND Microsoft Windows Server 2003 (ia64) SP2 is installed AND Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Vista (32-bit) Service Pack 1 is installed AND Microsoft Windows Vista x64 Edition Service Pack 1 is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND Microsoft Windows Vista (32-bit) Service Pack 2 is installed AND Microsoft Windows Vista x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed AND Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed AND Microsoft Windows XP x64 Edition SP2 is installed AND the version of atl.dll is less than 3.5.2284.2 OR DHTML Editing Component ActiveX Control on Windows 2000 SP4 Microsoft Windows 2000 SP4 or later is installed AND the version of dhtmled.ocx is less than 6.1.0.9234 OR DHTML Editing Component ActiveX Control on Windows XP or Server 2003 x86 IF Microsoft Windows XP (x86) SP2 is installed AND Microsoft Windows XP (x86) SP3 is installed AND Microsoft Windows Server 2003 SP2 (x86) is installed AND the version of dhtmled.ocx is less than 6.1.0.9247 OR DHTML Editing Component ActiveX Control on Windows XP or Server 2003 64-bit IF Microsoft Windows Server 2003 SP2 (x64) is installed AND Microsoft Windows Server 2003 (ia64) SP2 is installed AND Microsoft Windows XP x64 Edition SP2 is installed AND the version of wdhtmled.ocx is less than 6.1.0.9247 OR Microsoft MSWebDVD ActiveX Control on Windows XP SP2 x86 Microsoft Windows XP (x86) SP2 is installed AND the version of Mswebdvd.dll is less than 6.5.2600.3610 OR Microsoft MSWebDVD ActiveX Control on Windows XP SP3 x86 Microsoft Windows XP (x86) SP3 is installed AND the version of Mswebdvd.dll is less than 6.5.2600.5857 OR Microsoft MSWebDVD ActiveX Control on Windows XP SP2 x64, Server 2003 x86/x64 IF Microsoft Windows Server 2003 SP2 (x86) is installed AND Microsoft Windows Server 2003 SP2 (x64) is installed AND Microsoft Windows XP x64 Edition SP2 is installed AND the version of Mswebdvd.dll is less than 6.5.3790.4565 OR Microsoft MSWebDVD ActiveX Control on Server 2003 ia64 Microsoft Windows Server 2003 (ia64) SP2 is installed AND the version of Mswebdvd.dll is less than 6.5.3790.3386

Definition Id: oval:org.mitre.oval:def:7436

Oval ID:	oval:org.mitre.oval:def:7436
Title:	Microsoft Video ActiveX Control Vulnerability
Description:	Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2008-0015	Version:	16
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008	Product(s):	Microsoft Outlook Express Windows Media Player Windows ATL Component DHTML Editing Component ActiveX Control HtmlInput Object ActiveX Control
Definition Synopsis:
Microsoft Outlook Express 5.5 SP2 on Windows 2000 Microsoft Windows 2000 is installed AND Microsoft Outlook Express 5.5 SP2 is installed. AND the version of Msoe.dll is less than 5.50.5003.1000 OR Microsoft Outlook Express 6 SP1 on Windows 2000 Microsoft Windows 2000 is installed AND Microsoft Outlook Express 6 SP1 is installed. AND the version of Msoe.dll is less than 6.0.2800.1983 OR Microsoft Outlook Express 6 on Windows XP x86 Microsoft Outlook Express 6.0 for Windows XP/2003 is installed AND Check for affected platforms with vulnerable file Check for Windows XP x86 Microsoft Windows XP (32-bit) is installed AND the version of Msoe.dll is less than 6.0.2900.3598 OR Check for Windows XP x86 Microsoft Windows XP (32-bit) is installed AND the version of Msoe.dll is less than 6.0.2900.5843 OR Check for Windows XP (64-bit) and 2003 x86/x64/ia64 OS Check Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 (ia64) Gold is installed AND Microsoft Windows XP x64 is installed AND the version of Msoe.dll is less than 6.0.3790.4548 OR Windows Media Player 9 on Windows 2000 (KB973540) Microsoft Windows 2000 is installed AND Windows Media Player v9 is installed. AND file checks the version of Wmp.dll is less than 9.0.0.3364 AND Wmpdxm.dll version is less than 9.0.0.3364 OR Windows Media Player 9 on Windows XP x86 (KB973540) Microsoft Windows XP (32-bit) is installed AND Windows Media Player v9 is installed. AND file checks the version of Wmp.dll is less than 9.0.0.3364 AND Wmpdxm.dll version is less than 9.0.0.3364 OR Windows Media Player 9 on Windows XP x86 (KB973540) Microsoft Windows XP (32-bit) is installed AND Windows Media Player v9 is installed. AND file checks Wmp.dll version is less than 9.0.0.4507 AND Wmpdxm.dll version is less than 9.0.0.4507 OR Windows Media Player 10 on Windows XP x86/x64, Server 2003 x86/x64 (KB973540) Windows Media Player v10 is installed. AND Check for affected platforms with vulnerable file Check for Windows XP Microsoft Windows XP (32-bit) is installed AND file checks Wmp.dll version is less than 10.0.0.4074 AND Wmpdxm.dll version is less than 10.0.0.4074 OR Check for Windows XP x64, Windows Server 2003 x64 OS Check Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows XP x64 is installed AND file checks the version of Wwmp.dll is less than 10.0.0.4006 AND Wwmpdxm.dll version is less than 10.0.0.4006 OR Check for Windows Server 2003 x86 Microsoft Windows Server 2003 (32-bit) is installed AND file checks the version of Wmp.dll is less than 10.0.0.4006 AND Wmpdxm.dll version is less than 10.0.0.4006 OR Windows Media Player 11 on Windows XP x86/x64 (KB973540) OS Check Microsoft Windows XP (32-bit) is installed AND Microsoft Windows XP x64 is installed AND Windows Media Player v11 is installed. AND file checks Wmp.dll version is less than 11.0.5721.5268 AND Wmpdxm.dll version is less than 11.0.5721.5268 OR Windows Media Player 11 on Windows Vista 32-bit/64-bit RTM (KB973540) OS Check Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Windows Media Player v11 is installed. AND GDR/LDR version check the version of Wmp.dll is less than 11.0.6000.6352 AND Wmpdxm.dll version is less than 11.0.6000.6352 OR LDR version check the version of Spwmp.dll is greater than or equal 6.0.6000.20000 AND file checks the version of Wmp.dll is less than 11.0.6000.6511 AND Wmpdxm.dll version is less than 11.0.6000.6511 OR Windows Media Player 11 on Windows Vista 32/64-bit, Server 2008 32/64-bit (KB973540) OS Check Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Windows Media Player v11 is installed. AND GDR/LDR version check Wmp.dll version is less than 11.0.6001.7007 AND Wmpdxm.dll version is less than 11.0.6001.7007 OR LDR version check Spwmp.dll version is greater than or equal to 6.0.6001.22000 AND file checks Wmp.dll version is less than 11.0.6001.7114 AND Wmpdxm.dll version is less than 11.0.6001.7114 OR Windows Media Player 11 on Windows Vista 32/64-bit, Server 2008 32/64-bit (KB973540) OS Check Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Windows Media Player v11 is installed. AND GDR/LDR version check Wmp.dll version is less than 11.0.6002.18065 AND Wmpdxm.dll version is less than 11.0.6002.18065 OR LDR version check Spwmp.dll version is greater than or equal 6.0.6002.22000 AND file checks Wmp.dll version is less than 11.0.6002.22172 AND Wmpdxm.dll version is less than 11.0.6002.22172 OR Windows ATL Component on Windows 2000 Microsoft Windows 2000 is installed AND the version of atl.dll is less than 3.0.9794.0 OR Windows ATL Component on Windows XP, Server 2003, Vista, Server 2008 OS Check Microsoft Windows XP (32-bit) is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 (ia64) Gold is installed AND Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND Microsoft Windows XP x64 is installed AND the version of atl.dll is less than 3.5.2284.2 OR DHTML Editing Component ActiveX Control on Windows 2000 Microsoft Windows 2000 is installed AND the version of dhtmled.ocx is less than 6.1.0.9234 OR DHTML Editing Component ActiveX Control on Windows XP or Server 2003 x86 OS Check Microsoft Windows XP (32-bit) is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND the version of dhtmled.ocx is less than 6.1.0.9247 OR DHTML Editing Component ActiveX Control on Windows XP or Server 2003 64-bit OS Check Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 (ia64) Gold is installed AND Microsoft Windows XP x64 is installed AND the version of wdhtmled.ocx is less than 6.1.0.9247 OR Microsoft MSWebDVD ActiveX Control on Windows XP x86 Microsoft Windows XP (32-bit) is installed AND Mswebdvd.dll version is less than 6.5.2600.3610 OR Microsoft MSWebDVD ActiveX Control on Windows XP x86 Microsoft Windows XP (32-bit) is installed AND Mswebdvd.dll version is less than 6.5.2600.5857 OR Microsoft MSWebDVD ActiveX Control on Windows XP x64, Server 2003 x86/x64 OS Check Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows XP x64 is installed AND the version of Mswebdvd.dll is less than 6.5.3790.4565 OR Microsoft MSWebDVD ActiveX Control on Server 2003 ia64 Microsoft Windows Server 2003 (ia64) Gold is installed AND the version of Mswebdvd.dll is less than 6.5.3790.3386 OR Microsoft HtmlInput Object ActiveX Control in Windows Vista OS Check for windows Vista X86/x64 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND GRD/LDR version Check the version of Ehkeyctl.dll is less than 6.0.6000.16891 OR LDR version check the version of Ehkeyctl.dll is greater than or equal 6.0.6000.20000 AND the version of Ehkeyctl.dll is less than 6.0.6000.21090 OR Microsoft HtmlInput Object ActiveX Control in Windows Vista OS Check Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND GDR/LDR version Check the version of Ehkeyctl.dll is less than 6.0.6001.18295 OR LDR version check the version of Ehkeyctl.dll is greater than or equal 6.0.6001.22000 AND the version of Ehkeyctl.dll is less than 6.0.6001.22476 OR Microsoft HtmlInput Object ActiveX Control in Windows Vista OS check Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND GDR/LDR version check the version of Ehkeyctl.dll is less than 6.0.6002.18072 OR LDR version check the version of Ehkeyctl.dll is greater than or equal 6.0.6002.22000 AND the version of Ehkeyctl.dll is less than 6.0.6002.22181 OR Check for Vulnerable ActiveX and Windows 2000, XP, 2003 OS check Windows Vista is installed AND Windows Server 2008 is installed AND Microsoft Windows 2000 is installed AND Microsoft Windows XP (32-bit) is installed AND Microsoft Windows XP x64 is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (ia64) Gold is installed AND Check for Vulnerable ActiveX HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{011B3619-FE63-4814-8A84-15A194CE9CE3}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{011B3619-FE63-4814-8A84-15A194CE9CE3}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0149EEDF-D08F-4142-8D73-D23903D21E90}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0149EEDF-D08F-4142-8D73-D23903D21E90}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0369B4E5-45B6-11D3-B650-00C04F79498E}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0369B4E5-45B6-11D3-B650-00C04F79498E}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0369B4E6-45B6-11D3-B650-00C04F79498E}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0369B4E6-45B6-11D3-B650-00C04F79498E}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{055CB2D7-2969-45CD-914B-76890722F112}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{055CB2D7-2969-45CD-914B-76890722F112}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{15D6504A-5494-499C-886C-973C9E53B9F1}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{15D6504A-5494-499C-886C-973C9E53B9F1}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1BE49F30-0E1B-11D3-9D8E-00C04F72D980}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1BE49F30-0E1B-11D3-9D8E-00C04F72D980}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1C15D484-911D-11D2-B632-00C04F79498E}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1C15D484-911D-11D2-B632-00C04F79498E}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1DF7D126-4050-47F0-A7CF-4C4CA9241333}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1DF7D126-4050-47F0-A7CF-4C4CA9241333}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2C63E4EB-4CEA-41B8-919C-E947EA19A77C}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2C63E4EB-4CEA-41B8-919C-E947EA19A77C}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{334125C0-77E5-11D3-B653-00C04F79498E}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{334125C0-77E5-11D3-B653-00C04F79498E}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B0353C-A4C8-11D2-B634-00C04F79498E}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B0353C-A4C8-11D2-B634-00C04F79498E}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B03543-A4C8-11D2-B634-00C04F79498E}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B03543-A4C8-11D2-B634-00C04F79498E}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B03544-A4C8-11D2-B634-00C04F79498E}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B03544-A4C8-11D2-B634-00C04F79498E}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{418008F3-CF67-4668-9628-10DC52BE1D08}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{418008F3-CF67-4668-9628-10DC52BE1D08}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4A5869CF-929D-4040-AE03-FCAFC5B9CD42}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4A5869CF-929D-4040-AE03-FCAFC5B9CD42}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{577FAA18-4518-445E-8F70-1473F8CF4BA4}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{577FAA18-4518-445E-8F70-1473F8CF4BA4}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{59DC47A8-116C-11D3-9D8E-00C04F72D980}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{59DC47A8-116C-11D3-9D8E-00C04F72D980}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7F9CB14D-48E4-43B6-9346-1AEBC39C64D3}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7F9CB14D-48E4-43B6-9346-1AEBC39C64D3}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{823535A0-0318-11D3-9D8E-00C04F72D980}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{823535A0-0318-11D3-9D8E-00C04F72D980}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8872FF1B-98FA-4D7A-8D93-C9F1055F85BB}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8872FF1B-98FA-4D7A-8D93-C9F1055F85BB}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8A674B4C-1F63-11D3-B64C-00C04F79498E}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8A674B4C-1F63-11D3-B64C-00C04F79498E}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8A674B4D-1F63-11D3-B64C-00C04F79498E}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8A674B4D-1F63-11D3-B64C-00C04F79498E}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9CD64701-BDF3-4D14-8E03-F12983D86664}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9CD64701-BDF3-4D14-8E03-F12983D86664}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9E77AAC4-35E5-42A1-BDC2-8F3FF399847C}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9E77AAC4-35E5-42A1-BDC2-8F3FF399847C}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A1A2B1C4-0E3A-11D3-9D8E-00C04F72D980}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A1A2B1C4-0E3A-11D3-9D8E-00C04F72D980}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A2E3074E-6C3D-11D3-B653-00C04F79498E}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A2E3074E-6C3D-11D3-B653-00C04F79498E}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A2E30750-6C3D-11D3-B653-00C04F79498E}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A2E30750-6C3D-11D3-B653-00C04F79498E}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A8DCF3D5-0780-4EF4-8A83-2CFFAACB8ACE}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A8DCF3D5-0780-4EF4-8A83-2CFFAACB8ACE}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AD8E510D-217F-409B-8076-29C5E73B98E8}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AD8E510D-217F-409B-8076-29C5E73B98E8}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B0EDF163-910A-11D2-B632-00C04F79498E}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B0EDF163-910A-11D2-B632-00C04F79498E}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B64016F3-C9A2-4066-96F0-BD9563314726}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B64016F3-C9A2-4066-96F0-BD9563314726}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BB530C63-D9DF-4B49-9439-63453962E598}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BB530C63-D9DF-4B49-9439-63453962E598}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C531D9FD-9685-4028-8B68-6E1232079F1E}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C531D9FD-9685-4028-8B68-6E1232079F1E}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCC-9B79-11D3-B654-00C04F79498E}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCC-9B79-11D3-B654-00C04F79498E}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCD-9B79-11D3-B654-00C04F79498E}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCD-9B79-11D3-B654-00C04F79498E}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCE-9B79-11D3-B654-00C04F79498E}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCE-9B79-11D3-B654-00C04F79498E}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCF-9B79-11D3-B654-00C04F79498E}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCF-9B79-11D3-B654-00C04F79498E}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CD0-9B79-11D3-B654-00C04F79498E}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CD0-9B79-11D3-B654-00C04F79498E}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C6B14B32-76AA-4A86-A7AC-5C79AAF58DA7}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C6B14B32-76AA-4A86-A7AC-5C79AAF58DA7}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAAFDD83-CEFC-4E3D-BA03-175F17A24F91}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAAFDD83-CEFC-4E3D-BA03-175F17A24F91}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D02AAC50-027E-11D3-9D8E-00C04F72D980}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D02AAC50-027E-11D3-9D8E-00C04F72D980}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F9769A06-7ACA-4E39-9CFB-97BB35F0E77E}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F9769A06-7ACA-4E39-9CFB-97BB35F0E77E}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FA7C375B-66A7-4280-879D-FD459C84BB02}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FA7C375B-66A7-4280-879D-FD459C84BB02}!Compatibility Flags is not equal to 0x00000400

CPE : Common Platform Enumeration

Type	Description	Count
Os	Microsoft Windows 2003 Server cpe:2.3:o:microsoft:windows_2003_server:-:sp2:x64:::::* cpe:2.3:o:microsoft:windows_2003_server:-:sp2:::::: cpe:2.3:o:microsoft:windows_2003_server:-:sp2:itanium:::::*	3
Os	Microsoft Windows Xp cpe:2.3:o:microsoft:windows_xp::sp2:professional_x64::::: cpe:2.3:o:microsoft:windows_xp:-:sp2:::::: cpe:2.3:o:microsoft:windows_xp:-:sp3::::::	3

SAINT Exploits

Description	Link
Microsoft DirectShow Video Streaming ActiveX IMPEG2TuneRequest Overflow	More info here

OpenVAS Exploits

Date	Description
2009-08-14	Name : Vulnerabilities in Microsoft ATL Could Allow Remote Code Execution (973908) File : nvt/secpod_ms09-037.nasl
2009-07-09	Name : Microsoft Video ActiveX Control 'msvidctl.dll' BOF Vulnerability File : nvt/gb_ms_video_actvx_bof_vuln_jul09.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
55651	Microsoft DirectShow Video Streaming ActiveX (msvidctl.dll) IMPEG2TuneRequest... A buffer overflow exists in Windows. The DirectShow ActiveX control fails to validate data passed to the IMPEG2TuneRequest interface resulting in a stack overflow. With a specially crafted website, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.

Information Assurance Vulnerability Management (IAVM)

Date	Description
2009-08-13	IAVM : 2009-A-0067 - Multiple Vulnerabilities in Microsoft Active Template Library Severity : Category II - VMSKEY : V0019882

Snort® IPS/IDS

Date	Description
2014-01-10	Microsoft Windows Media Player DirectShow MPEG-2 memory corruption attempt RuleID : 20744 - Revision : 7 - Type : OS-WINDOWS
2014-01-10	Microsoft DirectShow 3 ActiveX exploit via JavaScript RuleID : 16602 - Revision : 10 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 6 ActiveX function call unicode access RuleID : 15905 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Video 6 ActiveX function call access RuleID : 15904 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10	Microsoft DirectShow ActiveX exploit via JavaScript - unicode encoding RuleID : 15679 - Revision : 12 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft DirectShow ActiveX exploit via JavaScript RuleID : 15678 - Revision : 10 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 9 ActiveX clsid unicode access RuleID : 15677 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Video 9 ActiveX clsid access RuleID : 15676 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 8 ActiveX clsid unicode access RuleID : 15675 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Video 8 ActiveX clsid access RuleID : 15674 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 7 ActiveX clsid unicode access RuleID : 15673 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Video 7 ActiveX clsid access RuleID : 15672 - Revision : 15 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 6 ActiveX function call RuleID : 15671 - Revision : 15 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 6 ActiveX clsid access RuleID : 15670 - Revision : 18 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 5 ActiveX clsid unicode access RuleID : 15669 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Video 5 ActiveX clsid access RuleID : 15668 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 45 ActiveX clsid unicode access RuleID : 15667 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Video 45 ActiveX clsid access RuleID : 15666 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 44 ActiveX clsid unicode access RuleID : 15665 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Video 44 ActiveX clsid access RuleID : 15664 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 43 ActiveX clsid unicode access RuleID : 15663 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Video 43 ActiveX clsid access RuleID : 15662 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 42 ActiveX clsid unicode access RuleID : 15661 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Video 42 ActiveX clsid access RuleID : 15660 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 41 ActiveX clsid unicode access RuleID : 15659 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Video 41 ActiveX clsid access RuleID : 15658 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 40 ActiveX clsid unicode access RuleID : 15657 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Video 40 ActiveX clsid access RuleID : 15656 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 4 ActiveX clsid unicode access RuleID : 15655 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Video 4 ActiveX clsid access RuleID : 15654 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 39 ActiveX clsid unicode access RuleID : 15653 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Video 39 ActiveX clsid access RuleID : 15652 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 38 ActiveX clsid unicode access RuleID : 15651 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Video 38 ActiveX clsid access RuleID : 15650 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 37 ActiveX clsid unicode access RuleID : 15649 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Video 37 ActiveX clsid access RuleID : 15648 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 36 ActiveX clsid unicode access RuleID : 15647 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Video 36 ActiveX clsid access RuleID : 15646 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 35 ActiveX clsid unicode access RuleID : 15645 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Video 35 ActiveX clsid access RuleID : 15644 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 34 ActiveX clsid unicode access RuleID : 15643 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Video 34 ActiveX clsid access RuleID : 15642 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 33 ActiveX clsid unicode access RuleID : 15641 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Video 33 ActiveX clsid access RuleID : 15640 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 32 ActiveX clsid unicode access RuleID : 15639 - Revision : 10 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Video 32 ActiveX clsid access RuleID : 15638 - Revision : 18 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 31 ActiveX clsid unicode access RuleID : 15637 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Video 31 ActiveX clsid access RuleID : 15636 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 30 ActiveX clsid unicode access RuleID : 15635 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Video 30 ActiveX clsid access RuleID : 15634 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 3 ActiveX clsid unicode access RuleID : 15633 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Video 3 ActiveX clsid access RuleID : 15632 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 29 ActiveX clsid unicode access RuleID : 15631 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Video 29 ActiveX clsid access RuleID : 15630 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 28 ActiveX clsid unicode access RuleID : 15629 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Video 28 ActiveX clsid access RuleID : 15628 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 27 ActiveX clsid unicode access RuleID : 15627 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Video 27 ActiveX clsid access RuleID : 15626 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 26 ActiveX clsid unicode access RuleID : 15625 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Video 26 ActiveX clsid access RuleID : 15624 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 25 ActiveX clsid unicode access RuleID : 15623 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Video 25 ActiveX clsid access RuleID : 15622 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 24 ActiveX clsid unicode access RuleID : 15621 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Video 24 ActiveX clsid access RuleID : 15620 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 23 ActiveX clsid unicode access RuleID : 15619 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Video 23 ActiveX clsid access RuleID : 15618 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 22 ActiveX clsid unicode access RuleID : 15617 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Video 22 ActiveX clsid access RuleID : 15616 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 21 ActiveX clsid unicode access RuleID : 15615 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Video 21 ActiveX clsid access RuleID : 15614 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 20 ActiveX clsid unicode access RuleID : 15613 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Video 20 ActiveX clsid access RuleID : 15612 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 2 ActiveX clsid unicode access RuleID : 15611 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Video 2 ActiveX clsid access RuleID : 15610 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 19 ActiveX clsid unicode access RuleID : 15609 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Video 19 ActiveX clsid access RuleID : 15608 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 18 ActiveX clsid unicode access RuleID : 15607 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Video 18 ActiveX clsid access RuleID : 15606 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 17 ActiveX clsid unicode access RuleID : 15605 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Video 17 ActiveX clsid access RuleID : 15604 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 16 ActiveX clsid unicode access RuleID : 15603 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Video 16 ActiveX clsid access RuleID : 15602 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 15 ActiveX clsid unicode access RuleID : 15601 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Video 15 ActiveX clsid access RuleID : 15600 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 14 ActiveX clsid unicode access RuleID : 15599 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Video 14 ActiveX clsid access RuleID : 15598 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 13 ActiveX clsid unicode access RuleID : 15597 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Video 13 ActiveX clsid access RuleID : 15596 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 12 ActiveX clsid unicode access RuleID : 15595 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Video 12 ActiveX clsid access RuleID : 15594 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 11 ActiveX clsid unicode access RuleID : 15593 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Video 11 ActiveX clsid access RuleID : 15592 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 10 ActiveX clsid unicode access RuleID : 15591 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Video 10 ActiveX clsid access RuleID : 15590 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 1 ActiveX clsid unicode access RuleID : 15589 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Video 1 ActiveX clsid access RuleID : 15588 - Revision : 13 - Type : BROWSER-PLUGINS

Nessus® Vulnerability Scanner

Date	Description
2009-08-11	Name : Arbitrary code can be executed on the remote host through Microsoft Active Te... File : smb_nt_ms09-037.nasl - Type : ACT_GATHER_INFO
2009-07-07	Name : The remote Windows host is missing a security update containing ActiveX kill ... File : smb_kb_972890.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2015-05-08 13:28:00	Multiple Updates
2013-05-11 00:56:53	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	3
CPE ID(s)	6
Saint Exploit(s)	1
osvdb(s)	1
Openvas Exploit(s)	2
IAVM(s)	1
Snort® Rule(s)	96
Nessus® Exploit(s)	2

	Related
10	TA09-195A
9.3	VU#456745
9.3	TA09-209A
9.3	TA09-187A
9.3	MS09-032
9.3	KB972890
9.3	CVE-2008-0015
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 7 more Alert(s)