Microsoft Windows hxvz.dll ActiveX Control Memory Corruption - Secunia Advisories - Vulnerability Intelligence

Microsoft Windows hxvz.dll ActiveX Control Memory Corruption
Secunia Advisory:	SA29714	Advisory Toolbox: Issue ticket Save in to-do list Mark as handled Exploit information Download as PDF Review actions Add comment
Release Date:	2008-04-08
Last Update:	2008-04-09
Popularity:	6,753 views

Critical:	Highly critical
Impact:	System access
Where:	From remote
Solution Status:	Vendor Patch

OS:	Microsoft Windows 2000 Advanced Server Microsoft Windows 2000 Datacenter Server Microsoft Windows 2000 Professional Microsoft Windows 2000 Server Microsoft Windows Server 2003 Datacenter Edition Microsoft Windows Server 2003 Enterprise Edition Microsoft Windows Server 2003 Standard Edition Microsoft Windows Server 2003 Web Edition Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Home Edition Microsoft Windows XP Professional

Binary Analysis:	BA453 :: Available for 1 Credit

Subscribe:	Instant alerts on relevant vulnerabilities

CVE reference:	CVE-2008-1086

Description: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in the hxvz.dll ActiveX control and can be exploited to cause a memory corruption when a user e.g. is tricked into visiting a malicious website. Successful exploitation allows execution of arbitrary code. Solution: Apply patches. Windows 2000 SP4 with Internet Explorer 5.01 SP4: http://www.microsoft.com/downloads/de...=0395451F-B719-4F71-A7B4-403D0C7E8FCC Windows 2000 SP4 with Internet Explorer 6 SP1: http://www.microsoft.com/downloads/de...=BA6D3AEB-E35A-47CC-BACE-7BD9D58A9D3F Windows XP SP2: http://www.microsoft.com/downloads/de...=9DBF002F-FE53-4CC7-A430-35F45C520D10 Windows XP Professional x64 Edition (optionally with SP2): http://www.microsoft.com/downloads/de...=01400970-DF68-4DAF-AA39-2FC4F969974C Windows Server 2003 SP1/SP2: http://www.microsoft.com/downloads/de...=AD384FEA-53BE-4BE3-8ACB-1CD23A7F5405 Windows Server 2003 x64 Edition (optionally with SP2): http://www.microsoft.com/downloads/de...=FFC5C893-CB24-4875-B0A7-6D5C7AA4D642 Windows Server 2003 with SP1/SP2 for Itanium-based systems: http://www.microsoft.com/downloads/de...=94CF78D3-B6C3-41BC-993E-3AF3BE0D70F1 Windows Vista (optionally with SP1): http://www.microsoft.com/downloads/de...=D7F14001-7F42-4CA0-9193-CDF061179B59 Windows Vista x64 Edition (optionally with SP1): http://www.microsoft.com/downloads/de...=D33462B6-7391-482D-BABE-FB4CD0BEAA21 Windows Server 2008 for 32-bit Systems: http://www.microsoft.com/downloads/de...=95691924-2813-4A86-9E11-99D853F8E606 Windows Server 2008 for x64-based Systems: http://www.microsoft.com/downloads/de...=920AE29B-19D0-4089-AC79-F2DA824A2256 Windows Server 2008 for Itanium-based Systems: http://www.microsoft.com/downloads/de...=66DF79AC-8364-4922-9688-EBC7EC76D89F Provided and/or discovered by: Reported by an anonymous person via iDefense Labs. Changelog: 2008-04-09: Added link to iDefense Labs. Original Advisory: MS08-023 (948881) http://www.microsoft.com/technet/security/Bulletin/MS08-023.mspx iDefense Labs: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=680 Extended Solution: The "Extended Solution" section is available for Secunia customers only. Request a trial and get access to the Secunia Customer Area and Extended Secunia advisories.

Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released. Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

Latest Advisories

Today

New advisories:	4
New vulnerabilities:	6
Updated advisories:	10

Moderately // 121 views

Ubuntu update for imagemagick

Moderately // 109 views

Ubuntu update for libvorbis

Less // 103 views

Debian update for phpmyadmin

Moderately // 203 views

ClamAV "cli_check_jpeg_expl oit()" Denial of Service Vulnerability

1st Dec, 2008

New advisories:	33
New vulnerabilities:	55
Updated advisories:	56

Moderately // 364 views

RakhiSoftware Shopping Cart Multiple Vulnerabilities

Moderately // 349 views

Lito Lite CMS "cid" SQL Injection Vulnerability

Moderately // 388 views

Basic PHP CMS "id" SQL Injection Vulnerability

Less // 667 views

Microsoft Office Communications Server SIP INVITE Denial of Service

Moderately // 346 views

Bluo CMS "id" SQL Injection Vulnerability

Moderately // 364 views

Active eWebquiz "useremail" and "password" SQL Injection Vulnerabilities

Solutions | More...

Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com. Ideas, suggestions, and other feedback are most welcome.