SecurityTracker.com

Category:   Application (Generic)  >   Microsoft Visual Studio
Vendors:   Microsoft
Microsoft Visual Studio Buffer Overflow in 'mciwndx.ocx' May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1007493
SecurityTracker URL:  http://securitytracker.com/id/1007493
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Aug 13 2003
Impact:   Execution of arbitrary code via network, User access via network

Version(s): 6.0
Description:   A buffer overflow vulnerability was reported in Microsoft Visual Studio in the 'mciwndx.ocx' ActiveX component. A remote user may be able to execute arbitrary code on a target user's system.

Tri Huynh from Sentry Union reported that a remote user can create HTML that refers to the mciwndx.ocx component via its CLSID and passes specially crafted data to the component. When a target user loads the HTML, a buffer overflow can be triggered.

According to the report, a large string (of approximately 640 kB) can be passed to the "Filename" property to trigger the overflow. The report did not confirm that arbitrary code execution was possible.

The vendor has reportedly been notified.

Impact:   A remote user may be able to execute arbitrary code on a target user's system [however, arbitrary code execution was not confirmed].
Solution:   No solution was available at the time of this entry.

The author of the report indicated that, as a workaround, you can delete the 'MCIWNDX.ocx' file from your system.

Vendor URL:  www.microsoft.com/technet/security/
Cause:   Boundary error
Underlying OS:  Windows (Any)

Message History:   None.
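
Applying the workaround means knowing where the control is installed and how it is registered. The following read-only PowerShell inventory is an added example, not part of the alert or the original report. The SysWOW64 directory, the WOW6432Node key and the Internet Explorer kill-bit check are assumptions added here and are not mentioned in the report.

```powershell
# Added example, not from the advisory: read-only inventory of the control.
$name = 'mciwndx.ocx'                      # file name as given in the alert

# Directories named in the workaround; SysWOW64 is an added assumption for
# 64-bit Windows, where 32-bit controls are installed.
$dirs = 'System32', 'SysWOW64', 'System' | ForEach-Object { Join-Path $env:windir $_ }

$files = foreach ($dir in $dirs) {
    Get-ChildItem -LiteralPath $dir -Filter $name -File -ErrorAction SilentlyContinue |
        Select-Object FullName, Length, LastWriteTime,
            @{ Name = 'FileVersion'; Expression = { $_.VersionInfo.FileVersion } }
}

# COM registrations whose in-process server is the control. The CLSID is read
# from the registry because the alert does not list it.
$roots = 'Registry::HKEY_CLASSES_ROOT\CLSID',
         'Registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID'
# Kill-bit location (native registry view only).
$killRoot = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'

$registrations = foreach ($root in $roots) {
    Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue | ForEach-Object {
        $key = $_
        $server = $null
        try { $server = $key.OpenSubKey('InprocServer32') } catch { return }
        if (-not $server) { return }
        $path = [string]$server.GetValue('')   # default value = path to the DLL/OCX
        $server.Close()
        if ($path -notlike "*$name*") { return }

        # Internet Explorer refuses to load a control whose "Compatibility
        # Flags" value has bit 0x400 set (the kill bit).
        $compat = Get-ItemProperty -LiteralPath "$killRoot\$($key.PSChildName)" -ErrorAction SilentlyContinue
        $onDisk = [Environment]::ExpandEnvironmentVariables($path.Trim('"'))
        [pscustomobject]@{
            Clsid      = $key.PSChildName
            Server     = $path
            FileExists = Test-Path -LiteralPath $onDisk
            KillBitSet = [bool]($compat.'Compatibility Flags' -band 0x400)
        }
    }
}

$files | Format-Table -AutoSize
$registrations | Format-Table -AutoSize
if (-not $files -and -not $registrations) { "No copy or registration of $name found." }
```

A registration with `FileExists` false is what remains after the file has been deleted as the workaround describes.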


 Source Message Contents

Subject:  Microsoft MCWNDX.OCX ActiveX buffer overflow




 Microsoft MCWNDX.OCX ActiveX buffer overflow
 =================================================

 PROGRAM: MICROSOFT MCIWNDX.OCX ACTIVEX BUFFER OVERFLOW
HOMEPAGE:  www.microsoft.com
VULNERABLE VERSIONS: MCWNDX is an ActiveX shipped with Visual Studio 6 to
support multimedia programming.

 DESCRIPTION
 =================================================

 MCWNDX is an ActiveX shipped with Visual Studio 6 to
support multimedia programming. Although not many people use it anymore,
it can still be called through CLSID in a website, and passing a
large amount of data to the ActiveX will cause a buffer overflow.

Since this ActiveX is only shipped with Visual Studio 6.0, only
people who have Visual Studio 6.0 will be affected, or people
who are still using old multimedia programs coded in Visual Studio 6.0.
(On my PC, the last date the ActiveX was patched is in 1996! I am using
VS SP 4.)


 DETAILS
 =================================================
 The ActiveX has a property called "Filename" which is used to specify
the .mci file to load. However, if it is passed a very large
string (640KB is good enough :-) ), it will cause a buffer overflow. (I can't
overwrite the EIP using this overflow on my XP; however, it doesn't mean the
problem can't be exploited.)

Microsoft has been notified, but since the hole is maybe minor to them,
they don't respond to me with even a short sentence like "Thank you!"



 WORKAROUND
 =================================================

 Delete the file MCWNDX.ocx in your SYSTEM32 directory if you are
using 2000 or XP, or in your SYSTEM directory if you are using WIN ME or
below.


CREDITS
 =================================================

 Discovered by Tri Huynh from Sentry Union


 DISCLAIMER
 =================================================

 The information within this paper may change without notice. Use of
 this information constitutes acceptance for use in an AS IS condition.
 There are NO warranties with regard to this information. In no event
 shall the author be liable for any damages whatsoever arising out of
 or in connection with the use or spread of this information. Any use
 of this information is at the user's own risk.


 FEEDBACK
 =================================================

 Please send suggestions, updates, and comments to: trihuynh@zeeup.com


 
 



Copyright 2018, SecurityGlobal.net LLC