ATL ActiveX buffer overflow (HTML_ATL_ActiveX_BO)

About this signature or vulnerability

Proventia Desktop, Proventia Network IPS, BlackICE PC Protection, RealSecure Network, RealSecure Server Sensor, Proventia-G 1.1 and earlier, Proventia Network IDS, Proventia Network MFS, IBM Security Server Protection for Windows, BlackICE Server Protection, Proventia Server IPS for Linux technology, Virtual Server Protection for VMware:

This signature detects HTML or JavaScript containing malicious data that could cause a buffer overflow and lead to remote code execution.


Default risk level

High

Sensors that have this signature

Proventia Desktop: 2310, Proventia Network IPS: XPU 28.170, BlackICE PC Protection: 3.6crk, RealSecure Network: XPU 28.170, RealSecure Server Sensor: XPU 28.170, Proventia-G 1.1 and earlier: XPU 28.170, Proventia Network IDS: XPU 28.170, Proventia Network MFS: XPU 28.170, IBM Security Server Protection for Windows: 2.0.300.2310, IBM Security Server Protection for Windows: 1.0.914.2310, BlackICE Server Protection: 3.6.crk, IBM Security Server Protection for Windows: 2.1.14.2400, Proventia Server IPS for Linux technology: 28.170, Virtual Server Protection for VMware: 1.0

Systems affected

IBM AIX, WindRiver BSDOS, Linux Kernel, Sun Solaris, Microsoft Windows, Data General DG/UX, SCO SCO Unix, Compaq Tru64

Type

Unauthorized Access Attempt

Vulnerability description

The Microsoft WebViewFolderIcon ActiveX control is vulnerable to an integer overflow that could result in heap corruption and possibly remote code execution. An attacker may host a maliciously crafted HTML document on a website and entice the victim to click a link that loads the document in their browser. Once the document is loaded, the attacker will be able to execute arbitrary code on the victim's machine with the permissions of the victim user. This could lead to loss of confidential information, disruption of business, or further compromise of internal systems and networks.

How to remove this vulnerability

No remedy currently available.

References

IBM Internet Security Systems Protection Alert
Vulnerability in Windows Shell Could Allow Remote Code Execution
http://www.iss.net/threats/238.html

ISS X-Force
ATL ActiveX buffer overflow
http://www.iss.net/security_center/static/46196.php

CVE
CVE-2008-0024
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0024