---------------------------------------------------------------------- Want to join the Secunia Security Team? Secunia offers a position as a security specialist, where your daily work involves reverse engineering of software and exploit code, auditing of source code, and analysis of vulnerability reports. http://secunia.com/secunia_security_specialist/ ---------------------------------------------------------------------- TITLE: JaguarEditControl ActiveX Control Information Disclosure SECUNIA ADVISORY ID: SA20759 VERIFY ADVISORY: http://secunia.com/advisories/20759/ CRITICAL: Less critical IMPACT: Exposure of system information WHERE: >From remote SOFTWARE: JaguarEditControl http://secunia.com/product/5547/ DESCRIPTION: SRLabs.net has discovered a security issue in JaguarEditControl, which can be exploited by malicious people to disclose certain system information. The problem is caused due to the ActiveX control disclosing certain information of the user's system via the JText attribute when the "test" parameter is set to 2790 or 2404. This can be exploited to disclose the user's Windows username, system name, MAC address, IP address, and gateway IP address. Successful exploitation requires that e.g. the user is tricked into visiting a malicious website. The security issue has been confirmed in version 1,1,0,18 (DEMO) and has also been reported in version 1,1,0,19 and 1,1,0,20. Other versions may also be affected. SOLUTION: Do not visit non-trusted website. PROVIDED AND/OR DISCOVERED BY: SRLabs.net ORIGINAL ADVISORY: http://www.srlabs.net/bulten/JaguarEdit_2.htm ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------