HTTP MS PDWizard ActiveX Code Exec

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit remote code execution and file overwrite vulnerabilities through vulnerable methods of the Microsoft Visual Studio PDWizard ActiveX control.

Additional Information

Microsoft Visual Studio is a development tool for building applications on Microsoft platforms and web technologies.

Microsoft Visual Studio is prone to multiple remote vulnerabilities. The issues occur in the 'PDWizard.ocx' ActiveX control with CLSID: 0DDF3C0B-E692-11D1-AB06-00AA00BDD685. Specifically, these include:

- Two remote command-execution vulnerabilities affecting the 'StartProcess()' and 'SyncShell()' methods.

- Four unspecified vulnerabilities affecting the 'SaveAs()', 'CABDefaultURL()', 'CABFileName()', and 'CABRunFile()' methods.

An attacker can exploit the remote command-execution vulnerabilities to execute arbitrary commands with the privileges of the currently logged-in user.

Very little information is known about the four unspecified issues. We will update this BID as more information emerges.

These issues affect Microsoft Visual Studio 6.0.0; other versions may also be affected.
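The kind of content check described above, as an added example (this is not Symantec's signature logic): it flags an HTTP response body that loads the CLSID given above and names one of the listed methods, separating calls made on the loaded object from looser references. The names `scan_body` and `ObjectFinder`, the result keys and the sample bodies are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# CLSID and method names come from the advisory text; all else is assumed.
CLSID = "0ddf3c0b-e692-11d1-ab06-00aa00bdd685"
METHODS = ("StartProcess", "SyncShell", "SaveAs",
           "CABDefaultURL", "CABFileName", "CABRunFile")

class ObjectFinder(HTMLParser):
    """Records id/name of <object> tags that load the PDWizard CLSID."""
    def __init__(self):
        super().__init__()
        self.handles = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        # Normalise "CLSID:{...}" spellings before comparing.
        classid = re.sub(r"^clsid:|[{}\s]", "", a.get("classid", "").lower())
        if tag == "object" and classid == CLSID:
            self.handles += [a[k] for k in ("id", "name") if a.get(k)]

def scan_body(body):
    """Classify one HTTP response body (hypothetical helper)."""
    finder = ObjectFinder()
    finder.feed(body)
    result = {"control": CLSID in body.lower(), "bound": [], "loose": []}
    if not result["control"]:
        return result  # method names alone are too common to alert on
    owners = "|".join(map(re.escape, finder.handles))
    for m in METHODS:
        # No "(" is required: VBScript calls methods without parentheses.
        if owners and re.search(rf"\b(?:{owners})\s*\.\s*{m}\b", body, re.I):
            result["bound"].append(m)   # called on the loaded control
        elif re.search(rf"\.\s*{m}\b", body, re.I):
            result["loose"].append(m)   # named elsewhere in the same page
    return result

# Constructed samples, not captured traffic.
SAMPLE_HIT = ('<object id="pdw" classid="clsid:0DDF3C0B-E692-11D1-AB06-'
              '00AA00BDD685"></object><script>pdw.StartProcess(arg); '
              'x.SaveAs(name)</script>')
SAMPLE_BENIGN = '<script>doc.SaveAs("report.txt")</script>'

if __name__ == "__main__":
    print(scan_body(SAMPLE_HIT))
    print(scan_body(SAMPLE_BENIGN))
```

A `bound` hit is the stronger indicator; a page with `control` set and only `loose` hits may reach the object indirectly and is worth a manual look.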

Affected

  • Microsoft Visual Studio 6.0