Secunia Security Advisory - Some vulnerabilities have been reported in the Consona SdcUser.TgConCtl ActiveX control, which potentially can be exploited by malicious people to compromise a user's system.
fc17fe22621c3606e8402ce3c8dbd1dbfd2482bee3b1853641aec931a9eea076
----------------------------------------------------------------------
Looking for a job?
Secunia is hiring skilled researchers and talented developers.
http://secunia.com/company/jobs/
----------------------------------------------------------------------
TITLE:
Consona SdcUser.TgConCtl ActiveX Control Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA39751
VERIFY ADVISORY:
http://secunia.com/advisories/39751/
DESCRIPTION:
Some vulnerabilities have been reported in the Consona
SdcUser.TgConCtl ActiveX control, which potentially can be exploited
by malicious people to compromise a user's system.
1) The SdcUser.TgConCtl ActiveX control (tgctlcm.dll) provides
certain dangerous methods (e.g. "RunCmd()", "Install()", and
"HTTPDownloadFile()".
2) A buffer overflow exists within the "RunCmd()" method of the
SdcUser.TgConCtl ActiveX control.
Successful exploitation of the vulnerabilities allows execution of
arbitrary code, but requires that the attacker e.g. conducts DNS
poisoning or cross-site scripting attacks as the ActiveX control is
site-locked and can only be scripted from a trusted domain.
SOLUTION:
Set the kill-bit for the affected ActiveX control.
CLSID: {01113300-3E00-11D2-8470-0060089874ED}
PROVIDED AND/OR DISCOVERED BY:
Rubén Santamarta
ORIGINAL ADVISORY:
Wintercore:
http://www.wintercore.com/downloads/rootedcon_0day.pdf
Consona:
http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf
OTHER REFERENCES:
US-CERT VU#602801:
http://www.kb.cert.org/vuls/id/602801
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------