U-018: Oracle AutoVue ActiveX Control Insecure Method Vulnerabilities

October 25, 2011 - 8:45am

PROBLEM:

Oracle AutoVue ActiveX Control Insecure Method Vulnerabilities.

PLATFORM:

The vulnerabilities are confirmed in version 20.0.2 build 7910 (AutoVueX.ocx 20.1.1.7910). Other versions may also be affected.

ABSTRACT:

Successful exploitation of the vulnerabilities allows execution of arbitrary code.

REFERENCE LINKS:

Bugtraq ID: 50321
Secunia Advisory SA46473
Oracle AutoVue

IMPACT ASSESSMENT:

High

Discussion:

Successfully exploiting this issue will allow attackers to create or overwrite arbitrary files on the victim's computer within the context of the affected application (typically Internet Explorer) that uses the ActiveX control.

1) The insecure "ExportEdaBom()" method within the AUTOVUEX.AutoVueXCtrl.1 control (AutoVueX.ocx) can be exploited to create or overwrite arbitrary files in the context of the currently logged-on user.
2) The insecure "Export3DBom()" method within the AUTOVUEX.AutoVueXCtrl.1 control (AutoVueX.ocx) can be exploited to create or overwrite arbitrary files in the context of the currently logged-on user.
3) The insecure "SaveViewStateToFile()" method within the AUTOVUEX.AutoVueXCtrl.1 control (AutoVueX.ocx) can be exploited to create or overwrite arbitrary files in the context of the currently logged-on user.

Impact:

Successful exploitation of the vulnerabilities allows execution of arbitrary code.

Solution:

Set the kill-bit for the affected ActiveX control.
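The following script is an added example of applying the kill-bit mitigation above; it is not part of this advisory and is not Oracle's code. It assumes the ProgID AUTOVUEX.AutoVueXCtrl.1 named in the Discussion is registered on the host (the CLSID is resolved from the registry rather than hard-coded, since the advisory does not list it) and that it runs from an elevated PowerShell session. Without -Apply it only reports whether the kill-bit is already present, which is useful as a compliance check across a fleet.

```powershell
# Added example (not from the advisory or from Oracle): report on, and optionally set,
# the Internet Explorer kill-bit for the AutoVue control named in the advisory.
# Assumptions: ProgID AUTOVUEX.AutoVueXCtrl.1 is registered; session is elevated.
param(
    [string]$ProgId = 'AUTOVUEX.AutoVueXCtrl.1',
    [switch]$Apply   # without -Apply the script only reports the current state
)

$FlagKillBit = 0x400   # FLAG_KILL_BIT in the "Compatibility Flags" DWORD (Microsoft KB 240797)

# Keys IE consults before instantiating a control. On 64-bit Windows the 32-bit IE
# process reads the Wow6432Node copy, so both must carry the bit.
$CompatRoots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
if ([Environment]::Is64BitOperatingSystem) {
    $CompatRoots += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

function Get-ClsidFromProgId {
    param([string]$ProgId)
    # HKCR\<ProgID>\CLSID holds the control's {GUID} as its default value.
    $key = "Registry::HKEY_CLASSES_ROOT\$ProgId\CLSID"
    if (-not (Test-Path $key)) { return $null }
    return (Get-Item $key).GetValue('')
}

function Test-KillBit {
    param([string]$Clsid)
    # True only if every applicable compatibility key has FLAG_KILL_BIT set.
    foreach ($root in $CompatRoots) {
        $key = Join-Path $root $Clsid
        if (-not (Test-Path $key)) { return $false }
        $flags = (Get-Item $key).GetValue('Compatibility Flags')
        if ($null -eq $flags -or ($flags -band $FlagKillBit) -ne $FlagKillBit) { return $false }
    }
    return $true
}

function Set-KillBit {
    param([string]$Clsid)
    foreach ($root in $CompatRoots) {
        $key = Join-Path $root $Clsid
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        # OR the bit in so that any compatibility flags already present survive.
        $existing = (Get-Item $key).GetValue('Compatibility Flags')
        $new = if ($null -eq $existing) { $FlagKillBit } else { $existing -bor $FlagKillBit }
        New-ItemProperty -Path $key -Name 'Compatibility Flags' -PropertyType DWord -Value $new -Force | Out-Null
    }
}

$clsid = Get-ClsidFromProgId -ProgId $ProgId
if (-not $clsid) {
    Write-Output "ProgID $ProgId is not registered on this host; nothing to do."
    exit 0
}
Write-Output "$ProgId resolves to CLSID $clsid"

if (Test-KillBit -Clsid $clsid) {
    Write-Output "Kill-bit already set; Internet Explorer will refuse to instantiate the control."
} elseif ($Apply) {
    Set-KillBit -Clsid $clsid
    if (Test-KillBit -Clsid $clsid) {
        Write-Output "Kill-bit set for $clsid."
    } else {
        Write-Error "Kill-bit write did not take effect for $clsid (is the session elevated?)."
        exit 1
    }
} else {
    Write-Output "Kill-bit NOT set. Re-run with -Apply from an elevated session to set it."
}
```

The kill-bit is keyed on the CLSID, not the ProgID, which is why the script resolves it from HKCR rather than accepting a GUID that could be mistyped. Note what the mitigation covers: it stops Internet Explorer (and other hosts that honour the ActiveX Compatibility keys) from loading AutoVueX.ocx from web content, but it does not alter the control itself, so the AutoVue desktop application continues to use the same methods locally.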