19th Aug 2002 [SBWID-5639]
COMMAND
DirectX files viewer xweb.ocx remote buffer overflow
SYSTEMS AFFECTED
DirectX xweb.ocx ActiveX component, all releases until now?
PROBLEM
Andrew G. Tereschenko [secure@tag.odessa.ua], TAG Software Research Lab,
says:
A buffer overflow exists in the "File" parameter of the Microsoft
DirectX Files Viewer ActiveX control that may permit a remote attacker
to execute arbitrary code on the system with the privileges of the
current user. This vulnerability affects users who visited the ActiveX
samples gallery at activex.microsoft.com.
Since the control is signed by Microsoft, users of Microsoft's Internet
Explorer (IE) who accept and install Microsoft-signed ActiveX controls
are also affected. This control was also available for direct download
from the web, but can be uploaded on any website.
The <object> tag could be used to embed the ActiveX control in a web
page. If an attacker can trick the user into visiting a malicious site
or the attacker sends the victim a web page as an HTML-formatted email
message or newsgroup posting then this vulnerability could be
exploited. This acceptance and installation of the control can occur
automatically within IE for users who trust Microsoft-signed ActiveX
controls. When the web page is rendered, either by opening the page or
viewing the page through a preview pane, the ActiveX control could be
invoked. Likewise, if the ActiveX control is embedded in a Microsoft
Office (Word, Excel, etc.) document, it may be executed when the
document is opened.
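The advisory's point is that the exposure comes from an ordinary <object> embed carrying an oversized "File" parameter, so a mail or web gateway can screen for that shape before a page reaches a browser or preview pane. The following scanner is an added example, not part of the advisory or any Microsoft code: it walks <object>/<param> pairs with Python's html.parser, reports any embed whose codebase names xweb.ocx, and raises the severity when the File value exceeds a length threshold. The 256-byte threshold, the "xweb.ocx" substring match and the CLSID in the sample page are assumptions made for illustration; the advisory gives neither the real CLSID nor the exact overflow length.

```python
"""Screen HTML for <object> embeds of the DirectX Files Viewer control
with an oversized "File" parameter (added example, not advisory code)."""
from html.parser import HTMLParser

# Assumed threshold: File values longer than this are treated as suspect.
MAX_FILE_PARAM_LEN = 256
# Marker taken from the advisory's name for the control's binary.
CONTROL_MARKER = "xweb.ocx"


class ObjectParamScanner(HTMLParser):
    """Collects each <object> with its classid, codebase and <param> values."""

    def __init__(self):
        super().__init__()
        self.objects = []     # completed <object> records
        self._current = None  # record for the <object> being parsed

    def handle_starttag(self, tag, attrs):
        # html.parser lowercases tag and attribute names; values may be None.
        attrs = {k: (v or "") for k, v in attrs}
        if tag == "object":
            self._current = {
                "classid": attrs.get("classid", ""),
                "codebase": attrs.get("codebase", ""),
                "params": {},
            }
        elif tag == "param" and self._current is not None:
            name = attrs.get("name", "").lower()
            self._current["params"][name] = attrs.get("value", "")

    def handle_endtag(self, tag):
        if tag == "object" and self._current is not None:
            self.objects.append(self._current)
            self._current = None


def scan_html(html):
    """Return a list of findings, one per <object> worth attention.

    severity "notice": the page embeds the xweb.ocx control at all.
    severity "high":   the File parameter exceeds MAX_FILE_PARAM_LEN
                       (the overflow shape the advisory describes).
    """
    parser = ObjectParamScanner()
    parser.feed(html)
    parser.close()
    findings = []
    for obj in parser.objects:
        reasons = []
        if CONTROL_MARKER in obj["codebase"].lower():
            reasons.append("embeds_xweb_control")
        file_val = obj["params"].get("file", "")
        if len(file_val) > MAX_FILE_PARAM_LEN:
            reasons.append("oversized_file_param")
        if reasons:
            findings.append({
                "classid": obj["classid"],
                "codebase": obj["codebase"],
                "file_param_len": len(file_val),
                "reasons": reasons,
                "severity": "high" if "oversized_file_param" in reasons else "notice",
            })
    return findings


# Constructed sample pages. The CLSID is a placeholder, not the real one.
PLACEHOLDER_CLSID = "clsid:00000000-0000-0000-0000-000000000000"
SAMPLE_NORMAL = (
    '<html><body><object classid="' + PLACEHOLDER_CLSID + '"\n'
    '  codebase="http://example.invalid/xweb.ocx">\n'
    '  <param name="File" value="http://example.invalid/models/teapot.x">\n'
    '</object></body></html>'
)
SAMPLE_OVERSIZED = (
    '<html><body><object classid="' + PLACEHOLDER_CLSID + '"\n'
    '  codebase="http://example.invalid/xweb.ocx">\n'
    '  <param name="File" value="' + "A" * 2048 + '">\n'
    '</object></body></html>'
)
SAMPLE_PLAIN = "<html><body><p>No controls here.</p></body></html>"

if __name__ == "__main__":
    for label, page in (("normal", SAMPLE_NORMAL),
                        ("oversized", SAMPLE_OVERSIZED),
                        ("plain", SAMPLE_PLAIN)):
        print(label, scan_html(page))
```

The "notice" severity is deliberate: because the advisory lists no fix, a gateway policy of blocking every embed of this control is defensible, while the "high" finding is the one to alert on and preserve for incident review.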
SOLUTION