Microsoft Office 2000 UA OUACTRL.OCX ActiveX Control Buffer Overflow Vulnerability
TITLE: Microsoft Office 2000 UA OUACTRL.OCX ActiveX Control Buffer Overflow Vulnerability
CLASS: Boundary Condition Error
CVE:
REMOTE: Yes
LOCAL: No
PUBLISHED: May 23 2007 12:00AM
UPDATE: May 30 2007 05:11PM
CREDIT: Shinnai is credited with the discovery of this issue.
VULNERABLE:
Microsoft Office 2000 Multilanguage Packs 0
Microsoft Office 2000 Korean Version
Microsoft Office 2000 Japanese Version
Microsoft Office 2000 Chinese Version
Microsoft Office 2000 SP3
-Microsoft Windows 2000 Professional SP3
-Microsoft Windows 2000 Professional SP2
-Microsoft Windows 2000 Professional SP1
-Microsoft Windows 2000 Professional
-Microsoft Windows 98
-Microsoft Windows 98SE
-Microsoft Windows ME
-Microsoft Windows NT Workstation 4.0 SP6a
-Microsoft Windows NT Workstation 4.0 SP6
-Microsoft Windows NT Workstation 4.0 SP5
-Microsoft Windows NT Workstation 4.0 SP4
-Microsoft Windows NT Workstation 4.0 SP3
-Microsoft Windows NT Workstation 4.0 SP2
-Microsoft Windows NT Workstation 4.0 SP1
-Microsoft Windows NT Workstation 4.0
-Microsoft Windows XP Home SP1
-Microsoft Windows XP Home
-Microsoft Windows XP Professional SP1
-Microsoft Windows XP Professional
Microsoft Office 2000 SP1
-Microsoft Windows 2000 Professional SP2
-Microsoft Windows 2000 Professional SP1
-Microsoft Windows 2000 Professional
-Microsoft Windows ME
-Microsoft Windows NT Workstation 4.0 SP6a
-Microsoft Windows NT Workstation 4.0 SP6
-Microsoft Windows NT Workstation 4.0 SP5
-Microsoft Windows NT Workstation 4.0 SP4
-Microsoft Windows NT Workstation 4.0 SP3
-Microsoft Windows NT Workstation 4.0 SP2
-Microsoft Windows NT Workstation 4.0 SP1
-Microsoft Windows NT Workstation 4.0
-Microsoft Windows XP Home
-Microsoft Windows XP Professional
Microsoft Office 2000
-Microsoft Windows 2000 Professional SP2
-Microsoft Windows 2000 Professional SP1
-Microsoft Windows 2000 Professional
-Microsoft Windows 95
-Microsoft Windows 98
-Microsoft Windows ME
-Microsoft Windows NT Workstation 4.0 SP6a
-Microsoft Windows NT Workstation 4.0 SP6
-Microsoft Windows NT Workstation 4.0 SP5
-Microsoft Windows NT Workstation 4.0 SP4
-Microsoft Windows NT Workstation 4.0 SP3
-Microsoft Windows NT Workstation 4.0 SP2
-Microsoft Windows NT Workstation 4.0 SP1
-Microsoft Windows NT Workstation 4.0
-Microsoft Windows XP Home
-Microsoft Windows XP Professional
Microsoft Internet Explorer for Unix SP2
NOT VULNERABLE:
Vai alla pagina originale su Security Focus
Discussion
Microsoft Office 2000 UA ActiveX Control is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.
Exploit
To exploit this issue, an attacker must entice an unsuspecting user to access a malicious webpage.
The following exploit code is available:
Solution
Solution:
This issue is addressed in version 2.0 of the affected ActiveX control. Users are advised to update to the latest version of Microsoft Office 2000 with all appropriate patches.
Microsoft Office 2000
Microsoft Office 2000 SP1
Microsoft Office 2000 SP3
Microsoft Internet Explorer for Unix SP2
References
References:
Keywords for this page:
activex control ouactrl ocx (from google) first seen: 2007-09-23 02:32:59 hit: 53
ouactrl ocx errors (from google) first seen: 2007-09-25 22:23:42 hit: 2
t (from google) first seen: 2007-10-02 14:45:13 hit: 9
ouactrl ocx solution (from google) first seen: 2007-10-08 19:58:31
activex ouactrl ocx (from google) first seen: 2007-11-02 19:58:10 hit: 33
how to install activex control ouactrl ocx (from google) first seen: 2007-11-05 01:31:52
activex control ouactrl (from google) first seen: 2007-11-06 08:44:43 hit: 2
ouactrl ocx (from google) first seen: 2007-12-04 18:30:23 hit: 25
ouactrl ocx winxp (from google) first seen: 2007-12-09 12:00:09
ouactrl ocx 2 0 (from google) first seen: 2007-12-10 17:28:50 hit: 4
office 2000 help activex control ouactrl ocx error (from google) first seen: 2007-12-21 12:26:13
ouactrl ocx sp2 (from google) first seen: 2007-12-21 13:47:25
install ouactrl ocx (from google) first seen: 2007-12-21 16:28:06 hit: 7
install activex control ouactrl ocx (from google) first seen: 2007-12-28 22:43:51 hit: 6
ouactrl ocx fails (from google) first seen: 2007-12-29 12:03:50
office 2000 professional ouactrl ocx (from google) first seen: 2007-12-30 22:10:38
ouactrl ocx error in office 2000 (from google) first seen: 2008-01-04 17:57:54 hit: 2
installer activex ouactrl ocx (from google) first seen: 2008-01-07 17:09:06
ouactrl ocx access (from google) first seen: 2008-01-08 12:17:24
help ouactrl ocx error (from google) first seen: 2008-01-10 19:48:35 hit: 4
ouactrl ocx error (from google) first seen: 2008-01-12 00:05:32 hit: 10
ouactrl ocx activex install (from google) first seen: 2008-01-14 14:55:50
activex control ouactrl ocx install (from google) first seen: 2008-01-16 12:51:18 hit: 3
office ouactrl ocx error (from google) first seen: 2008-01-17 08:26:49
activex ouactrl (from google) first seen: 2008-01-18 02:48:54 hit: 9
how do i install an active x control ouactrl ocx (from google) first seen: 2008-01-18 13:28:39
activex control or ouactrl ocx (from google) first seen: 2008-01-19 21:19:02
ouactrl ocx error using help in office 2000 (from google) first seen: 2008-01-23 12:23:13
or the activex control ouactrl ocx (from google) first seen: 2008-01-23 13:34:49 hit: 9
error with activex control ouactrl ocx (from google) first seen: 2008-01-23 21:03:11 hit: 2
office 2000 help ouactrl (from google) first seen: 2008-01-24 15:33:02
activex ouactrl ocx instalar (from google) first seen: 2008-01-25 10:28:28
activex control ouactrl ocx office 2000 (from google) first seen: 2008-01-25 13:45:06
how to install ouactrl ocx (from google) first seen: 2008-01-25 15:08:11 hit: 3
access help ouactrl ocx (from google) first seen: 2008-01-30 15:16:20 hit: 2
active control ouactrl ocx (from google) first seen: 2008-01-31 14:08:55 hit: 2
help ouactrl ocx access (from google) first seen: 2008-02-05 20:55:28
ouactrl ocx instal (from google) first seen: 2008-02-06 12:05:33
ouactrl ocx install (from google) first seen: 2008-02-08 21:04:24 hit: 3
help ouactrl office error (from google) first seen: 2008-02-13 13:39:32
ouactrl ocx installeren (from google) first seen: 2008-02-14 14:41:08
ouactrl ocx office help (from google) first seen: 2008-02-17 13:13:41
access ouactrl ocx (from google) first seen: 2008-02-20 02:37:12
activex \ouactrl ocx\ (from google) first seen: 2008-02-20 23:09:46
install activex for winme (from google) first seen: 2008-02-26 04:52:53
in ouactrl (from google) first seen: 2008-03-02 03:36:43
active control x ouactrl ocx (from google) first seen: 2008-03-02 23:32:06
instalar active x ouactrl ocx (from google) first seen: 2008-03-05 10:45:43 hit: 4
installeren activex ouactrl ocx (from google) first seen: 2008-03-05 22:22:23
ouactrl ocx error help office 2000 (from google) first seen: 2008-03-07 10:25:26
ouactrl ocx update (from google) first seen: 2008-03-07 16:18:02
download for activex control ouactrl ocx (from google) first seen: 2008-03-09 22:28:14 hit: 2
installing activex control installing activex control ouactrl ocx (from google) first seen: 2008-03-10 18:24:46
install active x ouactrl ocx (from google) first seen: 2008-03-10 21:51:16
active ouactrl ocx (from google) first seen: 2008-03-11 16:43:44 hit: 4
microsoft office 2000 professional bn (from google) first seen: 2008-03-12 06:26:23
www bnlug org (from google) first seen: 2008-03-13 19:14:52 hit: 11
ouactrl ocx help (from google) first seen: 2008-03-14 16:07:47
download activex control ouactrl ocx (from google) first seen: 2008-03-16 19:28:19 hit: 2
ouactrl (from google) first seen: 2008-03-17 01:17:52 hit: 2
ouactrl installeren (from google) first seen: 2008-03-18 16:17:08
download install activex control ouactrl ocx (from google) first seen: 2008-03-22 04:17:59
installing ouactrl ocx (from google) first seen: 2008-03-26 18:49:56 hit: 4
download uactlsec exe (from google) first seen: 2008-03-27 09:26:06 hit: 2
installer contrôle activex ouactrl ocx (from google) first seen: 2008-03-28 08:23:07
instalar activex control (from google) first seen: 2008-03-29 02:14:44 hit: 5
installing activex ouactrl ocx (from google) first seen: 2008-03-31 01:52:12
instalar active x (from google) first seen: 2008-04-01 18:03:43
instalar active control xp (from google) first seen: 2008-04-01 18:44:34
ouactrl ocx fehler (from google) first seen: 2008-04-09 09:34:30
controlador activex ouactrl ocx download (from google) first seen: 2008-04-09 19:52:26
install activex ouactrl (from google) first seen: 2008-04-10 08:50:07
download activex ouactrl (from google) first seen: 2008-04-13 18:57:00
ouactrl ocx issues (from google) first seen: 2008-04-14 23:41:43
instalar office 2000 (from google) first seen: 2008-04-17 02:29:01
instalar control activex (from google) first seen: 2008-04-24 23:53:03 hit: 3
instalar activex (from google) first seen: 2008-04-27 04:26:20
activex ouactrl ocx error (from google) first seen: 2008-05-01 16:08:52
error message activex contrl ouactrl ocx (from google) first seen: 2008-05-08 20:21:05
download ouactrl ocx (from google) first seen: 2008-05-10 19:44:37 hit: 2
activex ouactrl download (from google) first seen: 2008-05-10 23:49:13
activex ouactrl xp (from google) first seen: 2008-05-12 08:53:03
troubleshoot installation of active x control ouactrl ocx (from google) first seen: 2008-05-15 23:21:51
instalar activex microsoft office 2007 (from google) first seen: 2008-05-21 23:38:25
intalar activex (from google) first seen: 2008-05-23 04:18:29
control activex ouactrl (from google) first seen: 2008-05-26 00:13:42
ocx installeren (from google) first seen: 2008-05-26 14:57:44 hit: 2
instalar activex 9 0 (from google) first seen: 2008-05-27 03:53:19 hit: 2
activex ouactrl ocx install (from google) first seen: 2008-05-27 07:27:31 hit: 2
activex control ouactrl ocx installation windows xp (from google) first seen: 2008-05-27 08:28:20 hit: 2
windows xp sp3 error office 2k activex (from google) first seen: 2008-05-27 15:27:04
f (from google) first seen: 2008-05-27 18:04:04 hit: 2
error in microsoft 200 help activex control ouactrl ocx (from google) first seen: 2008-05-27 20:50:35
uninstall ouactrl ocx (from google) first seen: 2008-06-02 20:05:30
how install activex ouactrl ocx (from google) first seen: 2008-06-03 22:03:45
ms access help ouactrl ocx (from google) first seen: 2008-06-06 02:15:09
ouactrl ocx download 2 0 (from google) first seen: 2008-06-10 21:16:51
activex control ouactrl ocx fix (from google) first seen: 2008-06-13 18:45:36 hit: 3
uninstall activex control ouactrl ocx (from google) first seen: 2008-06-14 04:27:18
troubleshoot the installation of the activex control ouactrl ocx (from google) first seen: 2008-06-16 17:57:33
comment installer ouactrl ocx (from google) first seen: 2008-06-17 15:24:50
instalar office 2000 windows xp (from google) first seen: 2008-06-18 23:54:13
como instalar activex control (from google) first seen: 2008-06-19 03:24:15
ouactrl ocx error in office help (from google) first seen: 2008-06-21 07:11:54
installer ouactrl ocx (from google) first seen: 2008-06-23 21:49:01
uactlsec exe (from google) first seen: 2008-06-26 14:25:32 hit: 2
download controlador activex (from google) first seen: 2008-06-27 12:58:51
como instalar windows 2000 professional (with sp4) (from google) first seen: 2008-06-29 02:39:24
controle activex instalaçao (from google) first seen: 2008-07-06 10:04:39
active xcontrol ouactrl ocx (from google) first seen: 2008-07-07 22:06:13
ouactrl ocx access help (from google) first seen: 2008-07-09 21:39:03
installation of the activex control ouactrl ocx (from google) first seen: 2008-07-12 20:28:48 hit: 2
activex ouactrl ocx install download (from google) first seen: 2008-07-15 22:38:00
install activex ouactrl ocx (from google) first seen: 2008-07-16 11:50:35 hit: 2
ouactrl ocx controller (from google) first seen: 2008-07-16 17:43:07
ouactrl troubleshoot (from google) first seen: 2008-07-17 13:19:07
como baixar o ocx control 9 0 (from google) first seen: 2008-07-20 03:10:31
como instalar control activex (from google) first seen: 2008-07-20 18:11:51
instalaÇÃo do activex ouactrl ocx (from google) first seen: 2008-07-22 22:58:20
install activex ouactrl ocx office (from google) first seen: 2008-07-24 19:17:54
activex update ouactrl ocx (from google) first seen: 2008-07-25 17:52:48
ouactrl ocx activex (from google) first seen: 2008-07-30 13:14:52
how to fix ouactrl ocx (from google) first seen: 2008-07-30 21:52:40
instalacion del control activex ouactrl ocx (from google) first seen: 2008-07-30 23:16:49
instalar control active x (from google) first seen: 2008-08-01 17:53:31
activex ouactrl ocx download (from google) first seen: 2008-08-07 00:39:45
activex control ouactrl ocx download (from google) first seen: 2008-08-07 20:40:57 hit: 2
ouactrl problem installation (from google) first seen: 2008-08-08 10:43:52
activex-steuerelement ouactrl ocx installieren (from google) first seen: 2008-11-25 16:40:00
GoogleBot visited this page on: 2009-01-06 01:32:39