Microsoft Visual Studio PDWizard.ocx ActiveX vulnerability

2007-09-30T00:00:00
ID SAINT:705A0E980ED5EEDCAA91CA7A4F765240
Type saint
Reporter SAINT Corporation
Modified 2007-09-30T00:00:00

Description

Added: 09/30/2007
CVE: CVE-2007-4891
BID: 25638
OSVDB: 37106

Background

Microsoft Visual Studio is a product for facilitating software development on Windows operating systems.

Problem

ActiveX controls contained in the **PDWizard.ocx** file in Microsoft Visual Studio 6.0 expose the **StartProcess** method and other dangerous methods which could allow arbitrary command execution when a user loads a specially crafted web page.

Resolution

Set the kill bit for Class ID 0DDF3C0B-E692-11D1-AB06-00AA00BDD685 as described in Microsoft Knowledge Base Article 240797.

References

<http://secunia.com/advisories/26779>

Limitations

Exploit works on Microsoft Visual Basic 6.0 on Windows 2000 and Windows XP.

Since this exploit uses TFTP, the SAINTexploit host must be able to bind to port 69/UDP.

Exploit requires the PERL threads module to be installed on the SAINTexploit host.

Platforms

Windows