Wang/Kodak ActiveX controls can be used by a Web site operator to take action on a visiting user's system

wang-kodak-activex-control (7097) The risk level is classified as High Risk

Description:

Several Wang/Kodak ActiveX image controls can be used by a malicious Web site operator to create files on a visiting user's computer. The imgedit.ocx, imgscan.ocx, imgthumb.ocx, and imgadmin.ocx ActiveX controls are improperly marked 'Safe for Scripting'. A malicious Web site operator can use this vulnerability to create or overwrite files on a visiting user's computer, which could allow the execution of arbitrary commands or possibly cause the system to fail.
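
A defender can confirm whether these controls still carry the 'Safe for Scripting' marking by looking for the CATID_SafeForScripting component category under each control's CLSID key. The following is an added example, not part of the original advisory: it audits a text export of HKEY_CLASSES_ROOT\CLSID, and the sample export, its placeholder CLSIDs, and the function name audit are constructed for illustration.

```python
import re

# CATID_SafeForScripting: the component category that marks a control as safe for page script.
CATID_SAFE_FOR_SCRIPTING = "{7DD95801-9882-11CF-9FA9-00AA006C4EBD}"
CONTROLS = {"imgedit.ocx", "imgscan.ocx", "imgthumb.ocx", "imgadmin.ocx"}  # from the description

# Constructed sample in "reg export" text form; the CLSIDs are placeholders, not the real ones.
SAMPLE_EXPORT = r"""
[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-0000000000A1}\InprocServer32]
@="C:\\WINDOWS\\System32\\IMGEDIT.OCX"

[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-0000000000A1}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C4EBD}]

[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-0000000000A2}\InprocServer32]
@="C:\\WINDOWS\\System32\\imgscan.ocx"

[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-0000000000A3}\InprocServer32]
@="C:\\WINDOWS\\System32\\other.ocx"

[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-0000000000A3}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C4EBD}]
"""

KEY_RE = re.compile(r"^\[HKEY_CLASSES_ROOT\\CLSID\\(\{[0-9A-Fa-f-]+\})\\(.+)\]$")
DEFAULT_RE = re.compile(r'^@="(.*)"$')

def audit(export_text):
    """Return {clsid: (file, marked_safe)} for every CLSID served by a listed control."""
    servers, marked, current = {}, set(), None
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            current = None  # a new key ends the previous key's values
            key = KEY_RE.match(line)
            if key:
                clsid, subkey = key.group(1).upper(), key.group(2).lower()
                if subkey == "inprocserver32":
                    current = clsid
                elif subkey == "implemented categories\\" + CATID_SAFE_FOR_SCRIPTING.lower():
                    marked.add(clsid)
            continue
        value = DEFAULT_RE.match(line)
        if value and current:
            path = value.group(1).replace("\\\\", "\\")  # .reg files escape backslashes
            servers[current] = path.rsplit("\\", 1)[-1].lower()
    return {c: (f, c in marked) for c, f in servers.items() if f in CONTROLS}

if __name__ == "__main__":
    for clsid, (name, safe) in sorted(audit(SAMPLE_EXPORT).items()):
        print(clsid, name, "MARKED safe for scripting" if safe else "not marked")
```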


Consequences:

File Manipulation

Remedy:

Apply the patch for this vulnerability, as listed in Microsoft Security Bulletin MS99-037. See References.

References:

  • Microsoft Security Bulletin MS99-037: Patch Available for 'ImportExportFavorites' Vulnerability.
  • Microsoft Security Bulletin MS99-037 FAQ: Microsoft Security Bulletin (MS99-037): Frequently Asked Questions.
  • BID-667: Microsoft IE Setupctl ActiveX Control Buffer Overflow Vulnerability
  • CVE-1999-1575: The Kodak/Wang (1) Image Edit (imgedit.ocx), (2) Image Annotation (imgedit.ocx), (3) Image Scan (imgscan.ocx), (4) Thumbnail Image (imgthumb.ocx), (5) Image Admin (imgadmin.ocx), (6) HHOpen (hhopen.ocx), (7) Registration Wizard (regwizc.dll), and (8) IE Active Setup (setupctl.dll) ActiveX controls for Internet Explorer (IE) 4.01 and 5.0 are marked as Safe for Scripting
  • OSVDB ID: 18537: Kodak/Wang Image Edit (imgedit.ocx) ActiveX for MSIE Permission Weakness
  • OSVDB ID: 18538: Kodak/Wang Image Annotation (imgedit.ocx) ActiveX for MSIE Permission Weakness
  • OSVDB ID: 18539: Kodak/Wang Image Scan (imgscan.ocx) ActiveX for MSIE Permission Weakness
  • OSVDB ID: 18540: Kodak/Wang Thumbnail Image (imgthumb.ocx) ActiveX for MSIE Permission Weakness
  • OSVDB ID: 18541: Kodak/Wang Image Admin (imgadmin.ocx) ActiveX for MSIE Permission Weakness
  • OSVDB ID: 18542: Kodak/Wang HHOpen (hhopen.ocx) ActiveX for MSIE Permission Weakness
  • OSVDB ID: 18543: Kodak/Wang Registration Wizard (regwizc.dll) ActiveX for MSIE Permission Weakness
  • OSVDB ID: 18544: Kodak/Wang IE Active Setup (setupctl.dll) ActiveX for MSIE Permission Weakness
  • US-CERT VU#23412: Wang/Kodak Image Annotation ActiveX Control
  • US-CERT VU#24839: Wang/Kodak Image Thumbnail ActiveX Control
  • US-CERT VU#26924: Wang/Kodak Image Admin ActiveX Control
  • US-CERT VU#41408: Wang/Kodak Image Scan ActiveX Control
  • US-CERT VU#9162: Wang/Kodak Image Edit ActiveX control

Platforms Affected:

  • Microsoft Internet Explorer 4.0.1
  • Microsoft Internet Explorer 5.0

Reported:

Oct 31, 2000

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
