The latest Month of Bugs project, the Month of ActiveX Bugs (MoAxB), started on May 1 and has already turned up two critical flaws.
First off, Microsoft's ActiveX controls, used to make Web pages richer and more interactive, are vulnerable to a denial-of-service bug in Office OCX PowerPoint Viewer, an ActiveX control that enables software to communicate with Microsoft PowerPoint files. "A vulnerability has been identified in Office OCX PowerPoint Viewer, which could be exploited by remote attackers to cause a denial of service or take complete control of an affected system. This issue is caused by a buffer overflow error in 'PowerPointViewer.ocx' when calling certain methods with overly long arguments, which could be exploited by remote attackers to execute arbitrary commands by tricking a user into visiting a specially crafted Web page," said a French Security Incident Response Team analyst.
The second reported bug, which Secunia rates as "highly critical", was posted by a researcher known only as shinnai, who found several holes in an Excel Viewer OCX (confirmed in version 3.2.0.5). "The vulnerabilities are caused due to boundary errors within the Excel Viewer ActiveX control. These can be exploited to cause stack-based buffer overflows via overly long arguments passed to certain methods. Successful exploitation may allow execution of arbitrary code when a user visits a malicious Web site," wrote Secunia analysts.