ActiveX control from game vendor GameHouse full of vulnerabilities
US-CERT warns in a Vulnerability Notice about a security vulnerability in an ActiveX control by RealNetworks online game vendor GameHouse. The dldisplay control (ghdlctl.dll) contains multiple buffer overflows which may allow arbitrary code to be injected and executed on a PC. Just visiting a crafted website with Internet Explorer is apparently sufficient to cause this – the control can be triggered from any website – or even viewing an HTML mail with Outlook.
According to US-CERT, there is no patch available. The situation can be remedied by setting the kill-bit, as described in the error report. However, while we continue to wait for fixes it's become difficult to keep recommending these types of workarounds with a clear conscience, since the flood of faulty ActiveX controls is becoming a deluge. Users would need to fiddle around in the registry every other day in order to prevent the loading of yet another control. It is more sensible to completely deactivate ActiveX in the Internet Explorer, at least in the Internet Zone. However, this can't be done with a single click under Tools/Internet options/Security, for example, in Internet Explorer 6. There are no less than five options for handling ActiveX, which should all be preferably set to "Deactivate". Then, even an extremely insistent website won't be able to deceive you into mistakenly installing an offered control.
- RealNetworks GameHouse dldisplay ActiveX control stack buffer overflows, error report from US-CERT
(mba)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
