Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Activex Vulnerabilities - Facebook, Myspace And Yahoo


  • Please log in to reply
No replies to this topic

#1 harrywaldron

harrywaldron

    Security Reporter


  • Members
  • 509 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Roanoke, Virginia
  • Local time:11:27 AM

Posted 05 February 2008 - 12:28 PM

There are warnings for at least 6 Active controls that may experience buffer overflows or crashes and thus be subject to exploit developments Posted ImagePosted ImagePosted Image So far there are no known in-the-wild attacks and in using the ISC's GUI based tool (link at the bottom) I had no exposures on my current system.

ActiveX Vulnerabilities - Facebook, MySpace and Yahoo
http://www.eweek.com/c/a/Security/ActiveX-...ers-Vulnerable/
http://www.us-cert.gov/current/index.html#...it_for_facebook
http://www.kb.cert.org/vuls/id/776931

Six key sites and Killbits for those sites
http://isc.sans.org/diary.html?storyid=3929
http://isc.sans.org/diary.html?storyid=3931

QUOTE: The US-CERT is urging Web surfers to immediately disable ActiveX controls from Internet Explorer to protect against a swath of publicly reported—and unpatched—software vulnerabilities.

The US-CERT (Computer Emergency Response Team) recommendation follows the release of exploit code for multiple zero-day flaws in image uploaders used by Facebook and MySpace and bugs in the ActiveX control that ships with the Yahoo Music Jukebox software.

According to Erik Kamerling, a vulnerability analyst at Symantec's DeepSight threat center, the availability of exploits for flaws in high-profile targets like Facebook and MySpace is cause for concern.

Although Symantec is unaware of in-the-wild exploitation of the ActiveX flaws, there's a feeling that attacks are inevitable. Admins are advised to set the kill bit for the following CLSIDs as soon as possible:

Aurigma: CLSID 6E5E167B-1566-4316-B27F-0DDAB3484CF7 ('ImageUploader4.ocx')
Aurigma: CLSID BA162249-F2C5-4851-8ADC-FC58CB424243 ('ImageUploader5')
Facebook: CLSID 5C6698D9-7BE4-4122-8EC5-291D84DBD4A0
Yahoo! MediaGrid: CLSID 22FD7C0A-850C-4A53-9821-0B0915C96139
Yahoo! DataGrid: CLSID 5F810AFC-BB5F-4416-BE63-E01DD117BD6C2

ISC GUI Tool can be downloaded from here:
http://handlers.sans.org/tliston/KillBitGui-Feb08.exe

ISC Command line
http://handlers.sans.org/tliston/KillBitCLI-Feb08.exe

BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users