In association with heise online

24 May 2007, 16:56

Code injection via Office 2000 ActiveX [Update]

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The initiators of the Month of ActiveX Bugs (MoAxB) have reported a security vulnerability in an ActiveX module in Microsoft Office 2000. The OUACTRL.OCX module is marked as "safe for scripting" on installation and can thus be loaded in Internet Explorer.

A buffer overflow occurs in the HelpPopup function of the affected ActiveX component if it is passed an excessively long value. The code thus injected runs with the user's privileges. Version 1.0.1.9 of the module is affected. The CLSID is 8936033C-4A50-11D1-98A4-00A0C90F27C6. Affected users should set the kill bit for this module. Microsoft has provided a Knowledge Base article with instructions for setting kill bits.

Update:

Microsoft have replaced the faulty module in service pack 3 for Office 2000. If the update isn't in place yet, it should be installed as soon as possible.

See also:

(mba)

Print Version | Send by email | Permalink: http://h-online.com/-732943
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit