----------------------------------------------------------------------

TITLE:
Microsoft Visual Basic ActiveX Controls Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA26534

VERIFY ADVISORY:
http://secunia.com/advisories/26534/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Microsoft Visual FoxPro 9.x
http://secunia.com/advisories/product/15503/
Microsoft Visual FoxPro 8.x
http://secunia.com/advisories/product/412/
Microsoft Visual FoxPro 6.x
http://secunia.com/advisories/product/109/
Microsoft Visual Basic 6.x
http://secunia.com/advisories/product/410/
Microsoft Visual Studio .NET 2002
http://secunia.com/advisories/product/1087/
Microsoft Visual Studio .NET 2003
http://secunia.com/advisories/product/1086/
Microsoft Visual Studio 6 Enterprise
http://secunia.com/advisories/product/408/
Microsoft Visual Studio 6 Professional
http://secunia.com/advisories/product/409/
Microsoft Visual Studio 6 Standard
http://secunia.com/advisories/product/16717/
Microsoft Frontpage 2002
http://secunia.com/advisories/product/26/
Microsoft Project 2003
http://secunia.com/advisories/product/3170/
Microsoft Office Project 2007
http://secunia.com/advisories/product/13231/

DESCRIPTION:
Multiple vulnerabilities have been reported in various Microsoft
products, which can be exploited by malicious people to compromise a
user's system.

1) An unspecified error in the DataGrid ActiveX control (msdatgrd.ocx)
can be exploited to corrupt memory via a specially crafted web page.

2) An unspecified error in the FlexGrid ActiveX control (msflxgrd.ocx)
can be exploited to corrupt memory via a specially crafted web page.

3) Integer overflow errors in the Microsoft Hierarchical FlexGrid
ActiveX control (mshflxgd.ocx) when handling the "Rows" and "Cols"
properties and the "ExpandAll()" and "CollapseAll()" methods can be
exploited to corrupt memory.

4) An allocation error in the Windows Common ActiveX control
(mscomct2.ocx) when parsing AVI files can be exploited to corrupt
memory via a specially crafted web page.

5) An unspecified error in the Charts ActiveX control (Mschrt20.ocx)
can be exploited to corrupt memory via a specially crafted web page.

Successful exploitation of the vulnerabilities may allow execution of
arbitrary code.

SOLUTION:
Apply patches.

Microsoft Visual Basic 6.0 Runtime Extended Files:
http://www.microsoft.com/downloads/details.aspx?familyid=E27EEBCB-095D-43EC-A19E-4A46E591715C

Microsoft Visual Studio .NET 2002 SP1:
http://www.microsoft.com/downloads/details.aspx?familyid=AFAD980D-7F27-49D9-AA23-B762C7B94CD6

Microsoft Visual Studio .NET 2003 SP1:
http://www.microsoft.com/downloads/details.aspx?familyid=6AC7CF8F-D046-43A8-B4EF-253153D65AED

Microsoft Visual FoxPro 8.0 SP1:
http://www.microsoft.com/downloads/details.aspx?familyid=A6977F81-F7F6-486B-96AD-8D296D79F205

Microsoft Visual FoxPro 9.0 SP1:
http://www.microsoft.com/downloads/details.aspx?familyid=386D27A6-B2C7-4ACC-BF3E-EDCBC7358172

Microsoft Visual FoxPro 9.0 SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=5B1F28A9-DA8D-463A-8AE4-DFC8FCC6C41A

Microsoft Office FrontPage 2002 SP3 (only Chinese Simplified (China),
Chinese Pan (Hong Kong), Chinese Traditional (Taiwan), and Korean):
http://www.microsoft.com/downloads/details.aspx?familyid=0a6130ae-c5b4-43cb-afe3-ab6a55b9d9ea

Microsoft Office Project 2003 SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=89a44042-a629-40f3-800a-0bb45fc36591

Microsoft Office Project 2007:
http://www.microsoft.com/downloads/details.aspx?familyid=2fbf6a5b-ff35-4a2d-9fa0-4e62b6486fe6

Microsoft Office Project 2007 SP1:
http://www.microsoft.com/downloads/details.aspx?familyid=2fbf6a5b-ff35-4a2d-9fa0-4e62b6486fe6

PROVIDED AND/OR DISCOVERED BY:
1, 2) The vendor credits ADLab of VenusTech.
3) Carsten Eiram, Secunia Research. The vendor also credits ADLab of
VenusTech and Jason Medeiros, Affiliated Computer Services for
reporting some/all of the issues in #3.
4) The vendor credits:
* Mark Dowd via McAfee Avert Labs.
* Brett Moore, Insomnia Security.
* CHkr_D591 via ZDI.
5) The vendor credits Michal Bucko via CERT/CC.

ORIGINAL ADVISORY:
Secunia Research:
http://secunia.com/secunia_research/2007-72/

MS08-070 (KB932349):
http://www.microsoft.com/technet/security/Bulletin/MS08-070.mspx

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------