Microsoft_Windows_Image_Acquisition_Logger_ActiveX_Control

Overview

» IDS/IPS Signatures

Security Sites

iPolicy Networks Security Advisory

Microsoft Windows Image Acquisition Logger ActiveX Control Vulnerability


Date Discovered:	9/10/2008
Severity:	High
Applications Affected:	Microsoft Windows Image Aquisition Logger
Type	Remote
Identifiers	CVE-2008-3957 BID-31069
Vendor	Microsoft

Synopsis

Vulnerability has been discovered in Windows Image Acquisition Logger ActiveX Control. This allows remote attackers to perform arbitrary file overwrite vulnerability on the system installed with vulnerable version of the application.

Recommended Action

Set the kill bit on the Class Identifier (CLSID):{A1E75357-881A-419E-83E2-BB16DB197C68}
Instructions to set the kill bit Instructions

Threat Analysis

Windows Image Acquisition enables graphics software to communicate with imaging hardware like scanners, digital cameras and Digital Video-equipment.

Recently there is a vulnerability found in ActiveX control open and save methods which fails to properly sanitize the argument values provided by user before processing. A remote attacker can exploit this issue and download the arbitrary files onto a victim system via a URL in the first argument to the Open method,in conjunction with a full destination pathname in the first argument to the Save method

Once this malicious file get downloaded on victim machine then attacker can control the machine according to his requirement.

References

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3957
http://www.securityfocus.com/bid/31069/

Write-up by: Vikrant

Security Sites

“iPolicy is one of the most visionary firewall vendors in the firewall Magic Quadrant. Its architecture of a central session processing engine and multiple content blades that are able to block based on signatures, rules and so on is the closest to the network security ideal.”

Greg Young, John Pescatore
Magic Quadrant for Network Firewalls, 2H04, Gartner

| | | | | | | | |