ActiveX posts - Defense in Depth

March 11, 2008 9:58 AM PDT

If you use the RealPlayer on Internet Explorer, watch out. Researcher Elazar Broad has posted to the Full Disclosure mailing list a so-called heap overflow vulnerability that makes it possible for an attacker to modify heap blocks after they are freed and overwrite certain registers. This could allow code execution on a compromised machine. The vulnerability affects all versions of RealPlayer running under Internet Explorer.

Exploit code for this flaw has not yet been made public.

Without a patch from RealPlayer, security experts recommend disabling the killbit for the following ActiveX ClassIDs:

2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93
CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA

Please note that disabling the killbits above will also remove some functionality within the player.

To avoid the loss of functionality, security experts recommend using RealPlayer in a browser that doesn't support ActiveX, such as Mozilla Firefox (for Windows and Mac).

Topics:: Browsers and extensions,; Security

Tags:: security,; Real,; RealPlayer,; Elazar Broad,; ActiveX,; Internet Explorer,; Firefox

Share:: Digg; Del.icio.us; Reddit; Facebook; Twitter

February 5, 2008 11:47 AM PST

Free tool blocks Facebook, MySpace, and Yahoo ActiveX vulnerabilities

by Robert Vamosi

Post a comment

A researcher over at the Internet Storm Center has created a powerful GUI that will set the kill-bits on vulnerable ActiveX controls used in Facebook, Myspace, and Yahoo apps. These popular apps came under attack on Monday after researchers Elazar Broad and Krystian Kloskowski disclosed their findings to a online security newsgroup.

On Tuesday, exploits for the Yahoo apps were reported circulating. There is currently no patch from the individual vendors, so the only workaround is to disable the several specific, vulnerable ActiveX controls. (ActiveX controls were developed by Microsoft for use with Internet Explorer and other browsers.)

The SANS tool, available here, eliminates the risks associated with editing the Windows system registry file. A command line version is available here.

The kill-bit tool first checks your system to see if any of the vulnerable CLSIDs exist. If so, the tool saves a copy of any values currently set, then updates the display to show that the CLSID--the unique sequence assigned to each ActiveX component that specifies which control you are using--exists. It also shows whether the kill-bit flag is set. To set the kill-bit, just check the box beside any of the affected ActiveX controls then click on the "Set" button. Unchecking any of the boxes will either reset the "Compatibility Flags" to their saved value or remove the CLSID entirely (if you didn't have the control installed in the first place).

SANS suggests setting the kill-bits for all of the affected ActiveX controls, and, even if you don't currently have one or more of these CLSIDs installed on your machine, go ahead set the kill-bit for controls that might be added to your system in the future.

Topics:: Browsers and extensions,; Security

Tags:: security,; Yahoo,; Facebook,; MySpace,; ActiveX,; kill-bit,; SANS,; Internet Storm Center

Share:: Digg; Del.icio.us; Reddit; Facebook; Twitter

About Defense in Depth

Covering computer viruses and computer crime, Robert Vamosi goes beyond the hype to provide you with expert interviews of the top security researchers, as well as offering the hands-on, nontechnical advice you'll need to stay safe online.

Add this feed to your online news reader

Defense in Depth topics

Most Discussed

Inside CNET News

Scroll Left Scroll Right

Crave
Acer Aspire Netbook sports new Atom chip
Company updates its Aspire One lineup with a new Netbook powered by Intel's N450 Atom processor, offering faster performance and boosting battery life to 10 hours.
Gallery
En route to GPS-based air traffic control (images)
The Digital Home
Nokia: We will match Apple, RIM
Handset maker's new mobile chief has his sights set firmly on Apple and RIM. He's so confident that he believes Nokia can catch up to the competition in the near future.
Beyond Binary
Visual Studio launch delayed by 'a few weeks'
Microsoft says it's still working to resolve some performance issues related to the Visual Studio 2010 developer tool suite, which was slated for a March release.
Video
Deep-sea volcanic explosion--part 2 (video)
The Digital Home
Social network nixes users who 'let themselves go'
BeautifulPeople.com, a site that allows attractive people to connect on the Web, announces that it has removed 5,000 members due to weight gain over the holidays.
Video
Deep-sea volcanic explosion--part 1 (video)
The Social
For eBay sellers, a holiday hamster hangover
The gift frenzy over Zhu Zhu Pets leaves some power sellers feeling like they've just run a marathon--but the steep price tags driven by scarcity lead to some impressive profits.
Cutting Edge
NASA's next frontier: Venus, the moon, or an asteroid
Agency selects three finalists in a competition to help determine where to focus its attention to get the most scientific value out of research into our solar system.
Gallery
NASA trains WISE eye on the sky (photos)
2010 CES
Laptop leaks usher in CES
As inevitable as bad Wi-Fi and long taxi lines, pre-CES leaks are unavoidable. This year, many laptops from big-name PC makers have leaked early, mostly thanks to online retailers surfacing the products before the official release dates.
Green Tech
Horizon to show fuel cell for charging gadgets
Company is introducing a hydrogen fuel cell that will produce enough juice to charge small electronics, such as smartphones, on the road.

Defense in Depth

RealPlayer vulnerable in Internet Explorer

Free tool blocks Facebook, MySpace, and Yahoo ActiveX vulnerabilities

Most Popular

Five New Year's resolutions for Google

For eBay sellers, a holiday hamster hangover

About Defense in Depth

Defense in Depth topics

Antivirus

Audio and video

Bots and botnets

Browsers and extensions

Chat and e-mail

Criminal Hackers

Mobile

Networking

Phishing

Rootkits

Security

Spyware

Storage

Uncategorized

Most Discussed

Inside CNET News