36395 : Microsoft IE ActiveX (pdwizard.ocx) Unspecified Memory Corruption
Printer | http://osvdb.org/36395 | Email This | Edit Vulnerability

Views This Week
3

Views All Time
366

Info

Last Modified
about 1 year ago

Percent Complete
90%

Disclosure
Aug 14, 2007

Discovery
Unknown

Dates

Exploit
Unknown

Solution
Unknown

Keywords

 No Keywords

Description

 Internet Explorer contains a flaw that may allow a malicious user to remotely execute arbitrary code. The issue is due to an unspecified vulnerability in the pdwizard.ocx Active X object and is related to MS VB6 objects and memory corruption. It is possible that the flaw may result in a loss of integrity.

Classification

 Location: Remote/Network Access Required
Attack Type: Input Manipulation, Other
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

 Microsoft has released MS07-45 to address this issue. Additionally, it is possible to correct the flaw by implementing the following workaround(s): prevent COM objects from running in IE and/or configure Internet and Local Intranet security zone settings to "High" to prompt before running ActiveX Controls and Active Scripting in these zones.

Products
Microsoft Corporation
Watch-list
Internet Explorer
Watch-list
 5.01
6 SP1
7

References

Tools & Filters

Snort

 12261 12262 12263 12264 13321 13322 13323 13324

Nessus

 25883

Credit

Unknown or Incomplete

Blogs

Provided by Technorati

2007/12/02 11:47:00 | Internet Explorer and Firefox Vulnerability Analysis

from: UNIX System Administration: Solaris, AIX, HP-UX, Tru64, BSD.

Jeffrey Jones has published a reather interesting internet browser Vulnerability Analysis of Internet Explorer and Firefox using cross-checked references of common security bulletings such as Microsoft's Security Bulletin page, Mozilla's security announcements as well as NIST, Secunia, SecurityFocus, and many others

2007/08/15 03:33:38 | CVE-2007-3041

from: vdforum : Компьютерные новости

Unspecified vulnerability in the pdwizard.ocx ActiveX object for Internet Explorer 5.01, 6 SP1, and 7 allows remote attackers to execute arbitrary code via unknown vectors related to Microsoft Visual Basic 6 objects and memory corruption, aka"ActiveX Object Memory Corruption Vulnerability." en.securitylab.ru/nvd/301271.php

2007/08/17 13:14:58 | Microsoft Security Bulletin - Aug 2007

from: http://blog.terencelim.net

Microsoft released their security bulletins for the month of August 2007. Of the 9 bulletins released, 6 are rated critical and 3 as important ... pdwizard.ocx’ can trigger code execution CVE-2007-3041 . http://www.microsoft.com/technet/security

Comments

Add Comment

No Comments.

DONATE NOW!

User Status

Quick Searches

Advertisements

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

© Copyright 2008 Open Source Vulnerability Database (OSVDB), All Rights Reserved.
Privacy Statement - Terms of Use