iMBCContents ActiveX Control Execute() Method Arbitrary Program Execution

2006-07-05T11:19:02
ID OSVDB:27049
Type osvdb
Reporter Gyu Tae Park
Modified 2006-07-05T11:19:02

Description

Vulnerability Description

iMBCContents contains a flaw that may allow a malicious user to execute code remotely. The issue is triggered when an attacker executes an arbitrary program on the target via a URI using the 'file:' URI handler. This could allow an attacker to create a specially crafted web page that executes arbitrary code in the context of the user visiting it, resulting in a loss of integrity.

Technical Description

The flaw is due to a design error in the insecure 'Execute()' method of the iMBCContents ActiveX control. It can be exploited to execute arbitrary local programs with parameters via a URI using the 'file:' URI handler.

Solution Description

Upgrade to version 2.0.0.59 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.imbc.com/
Secunia Advisory ID: 20938
FrSIRT Advisory: ADV-2006-2672
CVE-2006-3391
Bugtraq ID: 18848