TITLE:
System Requirements Lab ActiveX Control Code Execution Vulnerability

SECUNIA ADVISORY ID:
SA32236

VERIFY ADVISORY:
http://secunia.com/advisories/32236/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
System Requirements Lab ActiveX Control
http://secunia.com/advisories/product/20151/

DESCRIPTION:
A vulnerability has been reported in the System Requirements Lab ActiveX control, which can be exploited by malicious people to compromise a user's system.

An error in the System Requirements Lab ActiveX control ("sysreqlab.dll", "sysreqlabsli.dll", or "sysreqlab2.dll") can be exploited to redirect a download of an executable file to a malicious site. This may allow executing arbitrary code with privileges granted to the signed ActiveX control.

SOLUTION:
The vendor has issued a fixed version.

Microsoft has issued a security update that sets the kill-bit for one affected ActiveX control.
http://support.microsoft.com/kb/956391

PROVIDED AND/OR DISCOVERED BY:
US-CERT credits Andre Protas of eEye Digital Security, who in turn credits Greg Linares.

ORIGINAL ADVISORY:
Husdawg:
http://www.systemrequirementslab.com/bulletins/security_bulletin_1.html

US-CERT:
http://www.kb.cert.org/vuls/id/166651

Microsoft:
http://www.microsoft.com/technet/security/advisory/956391.mspx
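
ADDED EXAMPLE (not part of the Secunia advisory or any vendor code):
Because the Microsoft update sets the kill-bit for only one affected control, this sketch audits a "reg export" dump for the kill-bit (Compatibility Flags 0x400) on each control's CLSID, in both the native and Wow6432Node views. The CLSIDs and the sample export are constructed placeholders; the real CLSIDs are not listed in this advisory and must come from the vendor and Microsoft bulletins.

```python
import re

KILL_BIT = 0x400  # "Compatibility Flags" bit that stops IE from instantiating the control
SECTION = re.compile(
    r"\[HKEY_LOCAL_MACHINE\\SOFTWARE\\(Wow6432Node\\)?Microsoft\\Internet Explorer"
    r"\\ActiveX Compatibility\\(\{[0-9A-F-]{36}\})\]", re.I)
VALUE = re.compile(r'"Compatibility Flags"=dword:([0-9A-F]{8})', re.I)

# Placeholder CLSIDs (constructed). Replace with the CLSIDs published in the
# vendor bulletin and Microsoft advisory 956391.
WATCHED = ("{11111111-1111-1111-1111-111111111111}",
           "{22222222-2222-2222-2222-222222222222}")

# Constructed sample in `reg export` text form.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11111111-1111-1111-1111-111111111111}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{11111111-1111-1111-1111-111111111111}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{22222222-2222-2222-2222-222222222222}]
"Compatibility Flags"=dword:00000020
'''

def parse_flags(export_text):
    """Map (registry view, CLSID) -> Compatibility Flags value found in the export."""
    flags, current = {}, None
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = SECTION.fullmatch(line)
            # 32-bit IE on 64-bit Windows reads the Wow6432Node copy of the key.
            current = (("32-bit" if m.group(1) else "native"), m.group(2).upper()) if m else None
        elif current:
            m = VALUE.fullmatch(line)
            if m:
                flags[current] = int(m.group(1), 16)
    return flags

def kill_bit_status(export_text, watched=WATCHED):
    """Return {clsid: {view: bool}}; a key missing from the export counts as not set."""
    flags = parse_flags(export_text)
    return {clsid: {view: bool(flags.get((view, clsid.upper()), 0) & KILL_BIT)
                    for view in ("native", "32-bit")}
            for clsid in watched}

if __name__ == "__main__":
    for clsid, views in kill_bit_status(SAMPLE_EXPORT).items():
        print(clsid, views)
```

"reg export" writes UTF-16 text, so decode the file as UTF-16 before passing it in. On 32-bit Windows only the native view exists.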