Researchers at Secunia are warning users about ActiveX bugs the firm described as 'highly critical.' Microsoft is unaware of any attacks targeting the issues.
Microsoft counted 106 security bulletins for 2010 when it released
its final Patch Tuesday update for the year. But with 2010 now coming
to a close, additional bugs are popping up - this time in an ActiveX
According to researchers at Secunia
critical" vulnerabilities have been found
impacting the Microsoft WMI Administrative Tools WMI Object
Viewer ActiveX Control.
"Two vulnerabilities have been discovered in Microsoft WMI
Administrative Tools, which can be exploited by malicious people to
compromise a user's system," reported Secunia. "The
vulnerabilities are caused due to the "AddContextRef()" and
"ReleaseContext()" methods in the WMI Object Viewer Control
(WBEM.SingleViewCtrl.1) using a value passed in the "lCtxHandle"
parameter as an object pointer."
The vulnerabilities are confirmed in version 1.1 (WBEMSingleView.ocx
1.50.1131.0), though other versions may be affected as well, Secunia
noted. A successful exploit would enable an attacker to execute
arbitrary code, the firm warned.
Dave Forstrom, director of the Trustworthy Computing at
Microsoft, said there have been no reports of attacks related to
the issue, and the company is investigating the matter.
"Once we're done investigating, we will take appropriate actions to help protect customers," he told eWEEK.
Historically, ActiveX bugs have been big targets
, noted Andrew Storms, director of security operations at nCircle.
"We haven't seen a good ActiveX scare in some time so time isn't on
our side, but it's still too early to make a call on how things will
shape up with this bug," Storms said.
Besides the ActiveX bugs, the company is also investigating
a denial-of-service issue impacting IIS FTP 7.5, which ships with
Windows 7 and Windows Server 2008 R2. Proof of concept exploit code has
already been made public, according to Nazim Lala, IIS security program
manager at Microsoft.
"First, this is a Denial of Service vulnerability and remote code execution is unlikely," Lala blogged
"The vulnerability occurs when the FTP server attempts to encode Telnet
IAC (Interpret As Command) character in the FTP response. The IAC
character, which is represented as decimal 255 (Hex FF) in the
response, needs to be encoded by the addition of another decimal 255
character in the FTP response where we find the presence of the IAC
Due to an error in this processing, it is possible to get into a
state where an attacker can overwrite part of the response with a
string of 0xFFs past the end of the heap buffer, Lala explained. The
end result is a heap buffer overrun.
"In that situation, the only data that a malicious client controls
in this overrun is the number of bytes by which the buffer is overrun,"
blogged Lala. "It cannot control the data that is overwritten...Also,
the malicious client does not control the addresses where data is
overridden, and the data is always overridden in a sequential manner.
The FTP service 7.5 is also protected by Data Execution Prevention
"We'll continue to investigate this issue and, if necessary, we-ll
take appropriate action to help protect customers," Lala wrote. "This
may include providing a security update through the monthly release
process or additional guidance to help customers protect themselves."
Dec. 22, Microsoft issued an advisory
on a previously reported vulnerability in Internet Explorer.