Overview
» IDS/IPS Signatures
Security Sites
Products
White Papers
Data Sheets
Case Studies
Support Login
Locate a Partner
iPolicy Networks Security Advisory
 

Microsoft hxvz.dll ActiveX Control Memory Corruption Vulnerability
Date Discovered: 04/09/2008
Severity: High
Operating Systems Affected: Microsoft Windows 2000 SP4
Microsoft Windows 2003 x64
Microsoft Windows 2003 SP2
Microsoft Windows 2003 SP2 x64
Microsoft Windows 2003 SP2 Itanium
Microsoft Windows 2003 SP1 Itanium
Microsoft Windows 2003 SP1
Microsoft Windows 2008
Microsoft Windows 2008 x64
Microsoft Windows 2008 Itanium
Microsoft Windows Vista SP1
Microsoft Windows Vista x64
Microsoft Windows Vista
Microsoft Windows Vista SP1 x64
Microsoft Windows XP Pro x64
Microsoft Windows XP SP2
Microsoft Windows XP SP2 Pro x64 
Applications Affected: Microsoft Internet Explorer 5.01 SP4
Microsoft Internet Explorer 6 SP1 
Synopsis
Microsoft 'hxvz.dll' ActiveX control is prone to a remote memory corruption vulnerability. A remote user can create specially crafted HTML that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.
Recommended Actions
Update the patches as guided by vendor at :
http://www.microsoft.com/technet/security/bulletin/ms08-023.mspx
Threat Analysis
Microsoft Internet Explorer could allow a remote attacker to execute arbitrary code on the system, caused by a vulnerability that occurs when Internet Explorer attempts to instantiate the hxvz.dll object as an ActiveX control.

By persuading a victim to visit a malicious Web page containing an invalid object, a remote attacker could exploit this vulnerability to corrupt memory and execute arbitrary code on the system or cause the application to crash.
References

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1086
http://www.securityfocus.com/bid/28606

Write-up by: Aditya Chaturvedi
Security Sites
 
“iPolicy is one of the most visionary firewall vendors in the firewall Magic Quadrant. Its architecture of a central session processing engine and multiple content blades that are able to block based on signatures, rules and so on is the closest to the network security ideal.”
 
Greg Young, John Pescatore
Magic Quadrant for Network Firewalls, 2H04, Gartner
 

 
Home | About Us | Products | Technology | Solutions | Support | Partners | News & Events | Resources | Contact Us
Copyright ©2008 iPolicy Networks - Security Product Division of Tech Mahindra Limited | Privacy Policy | Site Map