InvokeRegWizard (regwizc.dll) ActiveX control has a buffer overflow

2002-10-01T00:00:00
ID VU:37556
Type cert
Reporter CERT
Modified 2002-10-01T15:06:00

Description

Overview

Microsoft Internet Explorer 4.01 and 5 ship with a series of ActiveX controls that support the browser's functionality. Regwiz.dll is a safe-for-scripting ActiveX control that contains a remotely exploitable buffer overflow.

Description

InvokeRegWizard (regwizc.dll) is a control that ships with Microsoft Internet Explorer 4.01 and 5. Regwiz.dll is a safe-for-scripting ActiveX control that contains a remotely exploitable buffer overflow. Because the control is marked safe for scripting, script on a web page can instantiate and call it. The CLSID for this control is {50E5E3D1-C07E-11D0-B9FD-00A0249F6B00}.


Impact

A remote attacker may be able to execute arbitrary commands on the system when the victim views a malicious web page.


Solution

Apply the patch from Microsoft Security Bulletin MS99-37.
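
To confirm the state of a host, the following added example (not part of the original note or of Microsoft's bulletin) audits the text of a `reg export` for the CLSID above: whether the control is registered, whether it carries the safe-for-scripting component category, and whether the Internet Explorer kill bit is set for it. The kill bit is a general Internet Explorer mechanism and is an assumption here, not something this note describes as part of the patch; the sample export and its DLL path are constructed.

```python
CLSID = "{50E5E3D1-C07E-11D0-B9FD-00A0249F6B00}"  # CLSID given in the advisory
CATID_SAFE_SCRIPTING = "{7DD95801-9882-11CF-9FA9-00AA006C4A21}"  # CATID_SafeForScripting
KILL_BIT = 0x400  # "Compatibility Flags" bit that stops IE from instantiating a control
COMPAT_KEY = "\\internet explorer\\activex compatibility\\"

def parse_reg(text):
    """Parse .reg export text into {lowercased key path: {value name: raw data}}.
    Multi-line hex values are not joined; this audit only reads strings and dwords."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and "=" in line:
            name, _, data = line.partition("=")
            current[name.strip('"').lower()] = data
    return keys

def audit(text, clsid=CLSID):
    """Report whether the control is registered, category-marked and kill-bitted."""
    c = clsid.lower()
    report = {"registered": False, "server": None,
              "safe_for_scripting_category": False, "kill_bit": False}
    for path, values in parse_reg(text).items():
        if path.endswith("\\clsid\\" + c + "\\inprocserver32"):
            report["registered"] = True
            report["server"] = values.get("@", "").strip('"').replace("\\\\", "\\") or None
        elif path.endswith("\\clsid\\" + c + "\\implemented categories\\"
                           + CATID_SAFE_SCRIPTING.lower()):
            # A control can also claim script safety via IObjectSafety, so a
            # missing category key does not prove it is unsafe for scripting.
            report["safe_for_scripting_category"] = True
        elif path.endswith(COMPAT_KEY + c):
            flags = values.get("compatibility flags", "")
            if flags.startswith("dword:"):
                report["kill_bit"] = bool(int(flags[6:], 16) & KILL_BIT)
    return report

# Constructed sample export (not from a real host; the DLL path is illustrative).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{50E5E3D1-C07E-11D0-B9FD-00A0249F6B00}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\regwizc.dll"

[HKEY_CLASSES_ROOT\CLSID\{50E5E3D1-C07E-11D0-B9FD-00A0249F6B00}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C4A21}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{50E5E3D1-C07E-11D0-B9FD-00A0249F6B00}]
"Compatibility Flags"=dword:00000400
'''
```

A host that reports the control as registered with the category present and no kill bit should be checked against the bulletin's patch status first.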


Vendor Information


Microsoft Corporation: Affected

Updated: September 30, 2002

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see Microsoft Security Bulletin MS99-37.



References

  • <http://www.microsoft.com/technet/treeview/default.asp?url=/technet/Security/Bulletin/MS99-037.asp>
  • <http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/fq99-037.asp>

Acknowledgements

Microsoft acknowledges Georgi Guninski, Shane Hird of Australia and Richard Smith of Phar Lap Software (http://www.pharlap.com/) for reporting this vulnerability.

This document was written by Shawn V Hernan and Jason Rafail.

Other Information

Field | Value
---|---
CVE IDs | None
Severity Metric | 9.11
Date Public | 1999-09-10
Date First Published | 2002-10-01
Date Last Updated | 2002-10-01 15:06 UTC
Document Revision | 10