Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:563401
HistoryMay 31, 2007 - 12:00 a.m.

Authentium Command Antivirus odapi.dll multiple ActiveX buffer overflows

2007-05-3100:00:00
www.kb.cert.org
9

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.074 Low

EPSS

Percentile

94.0%

JSON

Overview

Authentium Command Antivirus contains multiple ActiveX vulnerabilities, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

Description

Authentium Command Antivirus provides multiple ActiveX controls. Many of the ActiveX controls provided by odapi.dll are vulnerable to buffer overflows. Note that Command Antivirus components may come with software bundles from ISPs or other sources.

Impact

By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with the privileges of the user. The attacker could also cause Internet Explorer (or the program using the WebBrowser control) to crash.

Solution

This issue is resolved in Command Antivirus 4.93.8. Please check with your software vendor for updates. If no updates are available from your vendor, please consider the following workarounds

Disable the vulnerable Command Antivirus ActiveX controls in Internet Explorer

The vulnerable ActiveX control can be disabled in Internet Explorer by setting the kill bit for the following CLSID:

{103CAE29-DB09-4F77-812B-FFC0C3BC91A1} {1F22F6F1-FDC5-4C6D-9335-B6E31315FB1B}
{253A6409-6917-48EF-9CC7-9CB79FDA4169}
{50F3C8D1-E5E8-463D-A6E5-5A5966359538}
{567408B9-78B1-44DD-9CC2-7AC136C916C5}
{67EC8D27-C3CD-447E-9315-46A04DDB6C35}
{6D855303-A902-4608-8668-C177F80AB429}
{8EDDD996-E47F-4C59-8505-9FC570612FB6}
{A1962F85-324C-4751-83ED-27426F9F6E36}
{FED9DA10-9C9E-4AEB-B5B2-51C7ADC7A4DA}
More information about how to set the kill bit is available in Microsoft Support Document 240797. Alternatively, the following text can be saved as a .REG file and imported to set the kill bit for this control:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{103CAE29-DB09-4F77-812B-FFC0C3BC91A1}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1F22F6F1-FDC5-4C6D-9335-B6E31315FB1B}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{253A6409-6917-48EF-9CC7-9CB79FDA4169}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{50F3C8D1-E5E8-463D-A6E5-5A5966359538}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{567408B9-78B1-44DD-9CC2-7AC136C916C5}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{67EC8D27-C3CD-447E-9315-46A04DDB6C35}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6D855303-A902-4608-8668-C177F80AB429}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8EDDD996-E47F-4C59-8505-9FC570612FB6}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A1962F85-324C-4751-83ED-27426F9F6E36}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FED9DA10-9C9E-4AEB-B5B2-51C7ADC7A4DA}]
"Compatibility Flags"=dword:00000400

Disable ActiveX

Disabling ActiveX controls in the Internet Zone (or any zone used by an attacker) appears to prevent exploitation of this and other ActiveX vulnerabilities. Instructions for disabling ActiveX in the Internet Zone can be found in the “Securing Your Web Browser” document.

Vendor Information

563401

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Authentium, Inc. __ Affected

Notified: April 16, 2007 Updated: May 30, 2007

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please update to Command Antivirus version 4.93.8 or later, or disable the vulnerable ActiveX controls.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23563401 Feedback>).

BellSouth __ Affected

Updated: May 30, 2007

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please update to Command Antivirus version 4.93.8 or later, or disable the vulnerable ActiveX controls.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23563401 Feedback>).

Earthlink __ Affected

Updated: May 30, 2007

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please update to Command Antivirus version 4.93.8 or later, or disable the vulnerable ActiveX controls.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23563401 Feedback>).

PeoplePC, Inc. __ Affected

Updated: May 30, 2007

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please update to Command Antivirus version 4.93.8 or later, or disable the vulnerable ActiveX controls.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23563401 Feedback>).

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

This vulnerability was reported by Will Dormann of CERT/CC.

This document was written by Will Dormann.

Other Information

CVE IDs: CVE-2007-2917
Severity Metric: 4.59 Date Public:

Related

nessus 1
cve 1
prion 1
nessus
nessus
Command Antivirus odapi.dll ActiveX Control Multiple Overflows
2007-06-02 00:00:00
cve
cve
CVE-2007-2917
2007-06-01 01:30:00
prion
prion
Buffer overflow
2007-06-01 01:30:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.074 Low

EPSS

Percentile

94.0%

JSON
Related for VU:563401
nessus1cve1prion1