| VID |
28629 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The ADODB.Stream object has been detected as enabled on the target host. This flaw may permit malicious HTML documents to create or overwrite files on a victim file system when interpreted from the Local Zone (or other Security Zones with relaxed security restrictions, such as the Intranet Zone). This flaw depends on scripting that abuses the ADODB.Stream Object to write an attacker-specified file to the victim file system. In this manner, an HTML document that is interpreted in the context of a Security Zone with relaxed security restrictions may install a malicious file on the victim file system.
Exploitation of this flaw typically requires other vulnerabilities to redirect the browser into the Local Zone (or other appropriate Security Zone) and then reference the malicious content once it has been written to the client file system. Other attack vectors also exist, such as enticing a user to download an HTML document to their system then opening it with the Web browser. HTML email may also provide an attack vector for this flaw (in combination with other vulnerabilities).
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://support.microsoft.com/?id=870669
* Platforms Affected:
Microsoft Windows Any version |
| Recommendation |
Microsoft has provided three ways to disable the ADODB.Stream object from Internet Explorer. You can use Microsoft Windows Update to update your computer, you can download an update file from the Microsoft Download Center, or you can disable the ADODB.Stream object manually.
To disable the ADODB.Stream object by using a registry key update that is available from the Microsoft Download Center, visit one of the following Microsoft Web sites, depending on your operating system:
For Windows XP, Windows 2000, Windows NT, Windows Server 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=4D056748-C538-46F6-B7C8-2FBFD0D237E3
For Windows 9x, Windows Me:
http://www.microsoft.com/downloads/details.aspx?FamilyId=FE2A5B1C-FF30-40A0-8E70-C9F1F4DCD8C2
For Windows XP Version 2003, 64-Bit Edition , Windows Server 2003, 64-Bit Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=E7576B19-DE8B-41B0-BBD9-06C39591CECF
-- OR --
To disable the ADODB.Stream object by manually creating the registry key, follow these steps:
1. Close any open Internet Explorer browser windows.
2. Click Start, and then click Run.
3. In the Open box, type Regedit, and then click OK.
4. In Registry Editor, locate the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility
5. Right-click ActiveX Compatibility, point to New, and then click Key.
6. Type the following name for the key:
{00000566-0000-0010-8000-00AA006D2EA4}
7. Right-click the new key, point to New, and then click DWORD Value.
8. Name the value Compatibility Flags.
9. In the right pane, right-click Compatibility Flags, and then click Modify.
10. In the Edit DWORD Value dialog box, make sure that the Hexadecimal option is selected, type 400 in the Value data box, and then click OK.
11. Close Registry Editor.
More details are available from Microsoft at http://support.microsoft.com/?id=870669 |
| Related URL |
(CVE) |
| Related URL |
8577,10514 (SecurityFocus) |
| Related URL |
(ISS) |
|
