Windows : Microsoft Bulletins : Microsoft Data Analyzer ActiveX Control Vulnerability (978262)

Price/Feature Summary | Order | New Vulnerabilities | Confidentiality | Vulnerability Search

Vulnerability Search		Search 61204 CVE descriptions and 32582 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.900229

Category: Windows : Microsoft Bulletins

Title: Microsoft Data Analyzer ActiveX Control Vulnerability (978262)

Summary: Check for the CLSID and Hotfix

Description:
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS10-008.

Vulnerability Insight:
An unspecified error exists in the Microsoft Data Analyzer ActiveX control
(max3activex.dll) when used with Internet Explorer. Attackers can execute
arbitrary code by tricking a user into visiting a specially crafted web page.

Impact:
Successful exploitation will let the remote attackers execute arbitrary code
and can compromise a vulnerable system.

Impact Level: System.

Affected Software/OS:
Micorsoft Windows 7
Microsoft Windows 2K Service Pack 4 and prior
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows 2K3 Service Pack 2 and prior
Microsoft Windows Vista Service Pack 1/2 and prior.
Microsoft Windows Server 2008 Service Pack 1/2 and prior.

Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms10-008.mspx

Workaround:
Set the killbit for the following CLSIDs,
{E0ECA9C3-D669-4EF4-8231-00724ED9288F}, {C05A1FBC-1413-11D1-B05F-00805F4945F6},
{5D80A6D1-B500-47DA-82B8-EB9875F85B4D}, {0CCA191D-13A6-4E29-B746-314DEE697D83},
{2d8ed06d-3c30-438b-96ae-4d110fdc1fb8}
http://support.microsoft.com/kb/240797

References:
http://secunia.com/advisories/38503/
http://www.vupen.com/english/advisories/2010/0341
http://www.microsoft.com/technet/security/bulletin/ms10-008.mspx

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-0252
Microsoft Security Bulletin: MS10-008
http://www.microsoft.com/technet/security/Bulletin/MS10-008.mspx
Microsoft Security Bulletin: MS10-034
http://www.microsoft.com/technet/security/bulletin/ms10-034.mspx
Cert/CC Advisory: TA10-040A
http://www.us-cert.gov/cas/techalerts/TA10-040A.html
Cert/CC Advisory: TA10-159B
http://www.us-cert.gov/cas/techalerts/TA10-159B.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8424
http://secunia.com/advisories/38503
http://secunia.com/advisories/40059

Copyright Copyright (C) 2010 SecPod

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

New User Registration
Email:

UserID:

Passwd:

Please email me your monthly newsletters, informing the latest services, improvements & surveys.

Please email me a vulnerability test announcement whenever a new test is added.

Privacy

Registered User Login

UserID:

Passwd:

Forgot userid or passwd?

Email/Userid:

Test ID:	1.3.6.1.4.1.25623.1.0.900229
Category:	Windows : Microsoft Bulletins
Title:	Microsoft Data Analyzer ActiveX Control Vulnerability (978262)
Summary:	Check for the CLSID and Hotfix
Description:	Overview: This host is missing a critical security update according to Microsoft Bulletin MS10-008. Vulnerability Insight: An unspecified error exists in the Microsoft Data Analyzer ActiveX control (max3activex.dll) when used with Internet Explorer. Attackers can execute arbitrary code by tricking a user into visiting a specially crafted web page. Impact: Successful exploitation will let the remote attackers execute arbitrary code and can compromise a vulnerable system. Impact Level: System. Affected Software/OS: Micorsoft Windows 7 Microsoft Windows 2K Service Pack 4 and prior Microsoft Windows XP Service Pack 3 and prior Microsoft Windows 2K3 Service Pack 2 and prior Microsoft Windows Vista Service Pack 1/2 and prior. Microsoft Windows Server 2008 Service Pack 1/2 and prior. Fix: Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/ms10-008.mspx Workaround: Set the killbit for the following CLSIDs, {E0ECA9C3-D669-4EF4-8231-00724ED9288F}, {C05A1FBC-1413-11D1-B05F-00805F4945F6}, {5D80A6D1-B500-47DA-82B8-EB9875F85B4D}, {0CCA191D-13A6-4E29-B746-314DEE697D83}, {2d8ed06d-3c30-438b-96ae-4d110fdc1fb8} http://support.microsoft.com/kb/240797 References: http://secunia.com/advisories/38503/ http://www.vupen.com/english/advisories/2010/0341 http://www.microsoft.com/technet/security/bulletin/ms10-008.mspx
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0252 Microsoft Security Bulletin: MS10-008 http://www.microsoft.com/technet/security/Bulletin/MS10-008.mspx Microsoft Security Bulletin: MS10-034 http://www.microsoft.com/technet/security/bulletin/ms10-034.mspx Cert/CC Advisory: TA10-040A http://www.us-cert.gov/cas/techalerts/TA10-040A.html Cert/CC Advisory: TA10-159B http://www.us-cert.gov/cas/techalerts/TA10-159B.html http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8424 http://secunia.com/advisories/38503 http://secunia.com/advisories/40059
Copyright	Copyright (C) 2010 SecPod