Sep4 |
10:24 am (UTC-7) | by
Jonell Baltazar (Senior Threat Researcher) |
There were reports from the internet about another exploited IE vulnerability called “Internet Explorer (daxctle.ocx) Heap Overflow Vulnerability” which (from the report) only affects Internet Explorer 6 SP1. The proof-of-concept code by the author tends to crash the IE browser due to an error writing to memory, thus resulting to a DoS. (I tested it on a Windows 2000 Advanced Server Internet Explorer 5 SP2 and on XP Internet Explorer 6 SP1.) I also tested it on a fully patched IE 6 SP2 and the browser terminates itself (if we allow ActiveX to run). The author also mentioned on a possible code execution,
“When Internet Explorer handle DirectAnimation.PathControl COM object(daxctle.ocx) Spline method, Set the first parameter to 0xffffffff will triggers an invalid memory write, That an attacker may DoS and possibly could execute arbitrary code.”
No mentioned patches from Microsoft for this vulnerability so users affected may opt to use other browsers (as said by SANS)
“such as Opera, Firefox, whatever…”.
Another solution is not allowing ActiveX to run. You may find Microsft’s article about killing or not allowing ActiveX to run here.
References:
