Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiCHkr_D591ZDI-08-083
HistoryDec 09, 2008 - 12:00 a.m.

Microsoft Animation ActiveX Control Malformed AVI Parsing Code Execution Vulnerability

2008-12-0900:00:00
CHkr_D591
www.zerodayinitiative.com
21

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.968 High

EPSS

Percentile

99.7%

JSON

This vulnerability allows remote attackers to execute arbitrary code through vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the Microsoft Animation ActiveX control MSCOMCT2.OCX. When parsing a malformed AVI file through this control an exploitable heap corruption can occur. As the AVI file can be loaded over a UNC path this issue is remotely exploitable and can result in arbitrary code execution under the context of the current user.

Related

checkpoint_advisories 2
exploitpack 1
seebug 2
packetstorm 1
prion 1
securityvulns 3
cve 1
exploitdb 1
nessus 2
mskb 1
checkpoint_advisories
checkpoint_advisories
Microsoft VB Common Controls Animation Object Buffer Overflow (MS08-070; CVE-2008-4255)
2009-12-13 00:00:00
Microsoft Visual Basic ActiveX Controls Remote Code Execution (MS08-070; CVE-2008-3704; CVE-2008-4252; CVE-2008-4253; CVE-2008-4254; CVE-2008-4255; CVE-2008-4256)
2008-11-11 00:00:00
exploitpack
exploitpack
Microsoft Visual Basic - ActiveX Controls mscomct2.ocx Buffer Overflow (PoC)
2008-12-12 00:00:00
seebug
seebug
Microsoft Windows Common AVI ActiveX Control File Parsing Buffer Overflow Vulnerability(MS08-070)
2008-12-10 00:00:00
MS Visual Basic ActiveX Controls mscomct2.ocx Buffer Overflow PoC
2008-12-13 00:00:00
packetstorm
packetstorm
Microsoft Visual Basic ActiveX Buffer Overflow
2008-12-12 00:00:00
prion
prion
Heap overflow
2008-12-10 14:00:00
securityvulns
securityvulns
ZDI-08-083: Microsoft Animation ActiveX Control Malformed AVI Parsing Code Execution Vulnerability
2008-12-10 00:00:00
Microsoft Security Bulletin MS08-070 - Critical Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349)
2008-12-10 00:00:00
Microsoft Visual Basic multiple ActiveX security vulnerabilities
2008-12-10 00:00:00
cve
cve
CVE-2008-4255
2008-12-10 14:00:00
exploitdb
exploitdb
Microsoft Visual Basic - ActiveX Controls mscomct2.ocx Buffer Overflow (PoC)
2008-12-12 00:00:00
nessus
nessus
MS KB960715: Cumulative Security Update of ActiveX Kill Bits
2009-02-11 00:00:00
MS08-070: Vulnerabilities in Visual Basic 6.0 ActiveX Controls Could Allow Remote Code Execution (932349)
2008-12-10 00:00:00
mskb
mskb
MS08-070: Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) could allow remote code execution
2018-04-24 19:15:57

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.968 High

EPSS

Percentile

99.7%

JSON
Related for ZDI-08-083
checkpoint_advisories2exploitpack1seebug2packetstorm1prion1securityvulns3cve1exploitdb1nessus2mskb1