Alerts
Alerts
Zero-Day Tracker
Common Name:
IE DAXCTLE.OCX Spline
Date Disclosed:
8/28/2006
Date Patched:
11/14/2006
Vendor:
Microsoft
Application:
Internet Explorer 5.01
Internet Explorer 6
Description:
A buffer overflow exists within the daxctle.ocx ActiveX object which may be exploited by attackers to execute arbitrary code on a remote system by a specially-crafted website. The vulnerability is caused by an attacker using a Spline function call whose first argument specifies a large number of points.
Severity:
High
Code Execution:
Yes
Impact:
Arbitrary code execution under the context of the logged in user
An ActiveX remote code execution vulnerability has a very high impact since the source of the malicious payload can be any site on the Internet. An even more critical problem is generated when clients are administrators on their local hosts, which would run the malicious payload with Administrator credentials.
Mitigation:
Since this vulnerability is patched, the primary mitigation for this vulnerability would be to apply MS06-067. However, the best for of mitigation is available by kill-bitting the CLSIDs for the Microsoft DirectAnimation Path ActiveX Control (D7A7D7C3-D47F-11D0-89D3-00A0C90833E6) following the directions of KB240797. It should be noted that the 'Cumulative Security Update for Internet Explorer' only kill-bits the ActiveX and does not actually fix the underlying vulnerable code, only stops the attack vectors.
Protection:
Microsoft Patch - MS06-067
Links:
CVE-2006-4446
First Public PoC Code Disclosure (Denial of Service)
Status:
11/14/2006: Patched - MS06-067 - Kill-bit on CLSID
Common Name:
IE DAXCTLE.OCX Spline
Date Disclosed:
8/28/2006
Date Patched:
11/14/2006
Vendor:
Microsoft
Application:
Internet Explorer 5.01
Internet Explorer 6
Description:
A buffer overflow exists within the daxctle.ocx ActiveX object which may be exploited by attackers to execute arbitrary code on a remote system by a specially-crafted website. The vulnerability is caused by an attacker using a Spline function call whose first argument specifies a large number of points.
Severity:
High
Code Execution:
Yes
Impact:
Arbitrary code execution under the context of the logged in user
An ActiveX remote code execution vulnerability has a very high impact since the source of the malicious payload can be any site on the Internet. An even more critical problem is generated when clients are administrators on their local hosts, which would run the malicious payload with Administrator credentials.
Mitigation:
Since this vulnerability is patched, the primary mitigation for this vulnerability would be to apply MS06-067. However, the best for of mitigation is available by kill-bitting the CLSIDs for the Microsoft DirectAnimation Path ActiveX Control (D7A7D7C3-D47F-11D0-89D3-00A0C90833E6) following the directions of KB240797. It should be noted that the 'Cumulative Security Update for Internet Explorer' only kill-bits the ActiveX and does not actually fix the underlying vulnerable code, only stops the attack vectors.
Protection:
- eEye's Blink® Personal Edition protects from this vulnerability.
- eEye's Blink® Professional Edition protects from this vulnerability.
- eEye's Retina® Network Security Scanner scans devices to detect for this vulnerability.
Microsoft Patch - MS06-067
Links:
CVE-2006-4446
First Public PoC Code Disclosure (Denial of Service)
Status:
11/14/2006: Patched - MS06-067 - Kill-bit on CLSID
