Executive Summary
Summary | |
---|---|
Title | eBay Enhanced Picture Uploader ActiveX control vulnerable to arbitrary command execution |
Informations | |||
---|---|---|---|
Name | VU#983731 | First vendor Publication | 2009-06-09 |
Vendor | VU-CERT | Last vendor Modification | 2009-06-09 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#983731eBay Enhanced Picture Uploader ActiveX control vulnerable to arbitrary command executionOverviewThe eBay Enhanced Picture Uploader ActiveX control allows arbitrary commands to be executed.I. DescriptionThe eBay Enhanced Picture Uploader ActiveX control is used by the eBay web site to give Internet Explorer users additional functionality when uploading pictures to an auction. This ActiveX control is provided by the file EPUWALcontrol.dll. If an attacker provides a specially-crafted PictureUrls property or initialization parameter, the ActiveX control will execute the commands that are specified.II. ImpactBy convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary commands with the privileges of the user.III. SolutionApply an updateThis update is addressed in version 1.0.27 of the Ebay Enhanced Picture Control software. This update can be obtained by visiting the eBay web site, creating a new auction and uploading images with the Internet Explorer web browser. This control is also disabled in Internet Explorer with the update for Microsoft Security Advisory (969898). Please see the eBay security center announcement for additional details.
{C3EB1670-84E0-4EDA-B570-0B51AAE81679}
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerActiveX Compatibility{4C39376E-FA9D-4349-BACC-D305C1750EF3}] "Compatibility Flags"=dword:00000400 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerActiveX Compatibility{C3EB1670-84E0-4EDA-B570-0B51AAE81679}] "Compatibility Flags"=dword:00000400 Disabling ActiveX controls in the Internet Zone (or any zone used by an attacker) appears to prevent exploitation of this and other ActiveX vulnerabilities. Instructions for disabling ActiveX in the Internet Zone can be found in the "Securing Your Web Browser" document. Systems Affected
Referenceshttp://www.cert.org/tech_tips/securing_browser/#Internet_Explorer Thanks to Chris Weber of Casaba Security for reporting this vulnerability. This document was written by Will Dormann.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/983731 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-78 | Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') (CWE/SANS Top 25) |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
54968 | eBay Enhanced Picture Services ActiveX (EPUWALcontrol.dll) PictureUrls Proper... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-06-10 | Name : The remote Windows host is missing a security update containing ActiveX kill ... File : smb_kb_969898.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2013-05-11 00:57:31 |
|