Vulnerability in Microsoft Office 2003 ActiveX control
An ActiveX control supplied with Microsoft Office (Office Data Source Control 11, OWC11.DLL) contains an error in the function DeleteRecordSourceIfUnused, which can be exploited to trigger a buffer overflow by means of crafted HTML documents. The buffer overflow occurs if excess data is passed to the HelpPopup method of the DeleteRecordSourceIfUnused() method of the ActiveX control, and can be exploited to run arbitrary code in the context of the calling application, which likely to be Internet Explorer. Failed attempts apparently lead to a crash. A published exploit demonstrates how Internet Explorer 6 crashes when opening this type of document. Visiting a manipulated web page would be sufficient for infection with malware via this vulnerability.
No patch is available. This bug can be protected against by setting a kill-bit in the registry so that the vulnerable control (CLSID0002E55B-0000-0000-C000-000000000046) no longer loads. Since the security vulnerabilities found in ActiveX controls are currently accumulating epidemically, it makes more sense to deactivate ActiveX in the browser, at least for the internet zone.
- MSODataSourceControl.DeleteRecordSourceIfUnused COM-object B0F POC, Exploit on Milw0rm