Computer Security - Microsoft Active-X Remote Code Execution Vulnerability

06-21-2006, 03:05 AM

Microsoft MDAC RDS.Dataspace ActiveX Control Remote Code Execution
Vulnerability

"The Microsoft MDAC RDS.Dataspace ActiveX control is vulnerable to remote
code execution. An attacker could exploit this issue to execute code in the
context of the user visiting a malicious web page."

http://www.securityfocus.com/bid/17462/discuss

Imhotep

--
*************************************
Pass a Net Neutrality Law in the US!!!!

Save the Internet:
http://www.savetheinternet.com/

Its our net:
http://www.itsournet.org/

*************************************

imhotep

06-28-2006, 12:24 PM

On Tue, 20 Jun 2006 22:05:50 -0400, imhotep <>
wrote:

>Microsoft MDAC RDS.Dataspace ActiveX Control Remote Code Execution
>Vulnerability
>

heh heh heh... he said ActiveX.

But seriously folks, I'm shocked. Shocked !!

Beavis

06-28-2006, 12:33 PM

Beavis wrote:
> On Tue, 20 Jun 2006 22:05:50 -0400, imhotep <>
> wrote:
>
>> Microsoft MDAC RDS.Dataspace ActiveX Control Remote Code Execution
>> Vulnerability
>>
>
> heh heh heh... he said ActiveX.
>
> But seriously folks, I'm shocked. Shocked !!

Why? Because MS Office XP Outlook Mailbox Control Build 10.0.2616.0 has
a buffer overflow, is digitally signed by Microsoft and has not been
revoked ever because it would break unpatched MS Office XP installations?

No need for joking around. ActiveX as a plugin concept is unsuitable for
non-trusted networks (like the internet) by design. There's absolutely
no need to wonder if an ActiveX control can be exploited.

Sebastian Gottschalk

06-28-2006, 12:24 PM	#2
Beavis Posts: n/a	Re: Microsoft Active-X Remote Code Execution Vulnerability On Tue, 20 Jun 2006 22:05:50 -0400, imhotep <> wrote: >Microsoft MDAC RDS.Dataspace ActiveX Control Remote Code Execution >Vulnerability > heh heh heh... he said ActiveX. But seriously folks, I'm shocked. Shocked !! Beavis

06-28-2006, 12:33 PM	#3
Sebastian Gottschalk Posts: n/a	Re: Microsoft Active-X Remote Code Execution Vulnerability Beavis wrote: > On Tue, 20 Jun 2006 22:05:50 -0400, imhotep <> > wrote: > >> Microsoft MDAC RDS.Dataspace ActiveX Control Remote Code Execution >> Vulnerability >> > > heh heh heh... he said ActiveX. > > But seriously folks, I'm shocked. Shocked !! Why? Because MS Office XP Outlook Mailbox Control Build 10.0.2616.0 has a buffer overflow, is digitally signed by Microsoft and has not been revoked ever because it would break unpatched MS Office XP installations? No need for joking around. ActiveX as a plugin concept is unsuitable for non-trusted networks (like the internet) by design. There's absolutely no need to wonder if an ActiveX control can be exploited. Sebastian Gottschalk

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
The summary of cancelled Microsoft exams before March 2008	zhang	Software	1	06-12-2008 04:03 AM
Computer Security	aldrich.chappel.com.use@gmail.com	A+ Certification	0	11-27-2007 02:11 AM
OT: Certifications... Worth it?	Michael D. Alligood	MCTS	12	04-10-2007 10:16 PM
OT: Certifications... Worth it?	Michael D. Alligood	MCITP	12	04-10-2007 10:16 PM
Microsoft to Implement Worldwide Anti-Piracy Initiative	Bum	A+ Certification	0	03-04-2005 08:28 PM

06-21-2006, 03:05 AM	#1
	Microsoft Active-X Remote Code Execution Vulnerability Microsoft MDAC RDS.Dataspace ActiveX Control Remote Code Execution Vulnerability "The Microsoft MDAC RDS.Dataspace ActiveX control is vulnerable to remote code execution. An attacker could exploit this issue to execute code in the context of the user visiting a malicious web page." http://www.securityfocus.com/bid/17462/discuss Imhotep -- *********************************** Pass a Net Neutrality Law in the US!!!! Save the Internet: http://www.savetheinternet.com/ Its our net: http://www.itsournet.org/ *********************************** imhotep