From: Russ [Russ.Cooper@RC.ON.CA]
Sent: Tuesday, August 31, 1999 3:51 PM
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Subject: Alert: Microsoft Security Bulletin (MS99-032) - IE 5.0 Typelib scripting

Microsoft have released a patch to resolve the issues raised by Georgi Guninski on 8/24/94 in an MS supplied ActiveX control available with IE 5.0. The vulnerability allowed an exploit to be crafted which could write out a file, and in doing so, allowed the attacker, from a web page (or email) to do anything the logged on user could do.

The patch for this control, scriptlet.typlib, disables it from being scriptable.

Another vulnerability is being reported in this Security Bulletin. This one is from Shane Hird, Adrian O'Neill and Richard Smith and involves the eyedog object. Eyedog is a hardware diagnostics utility.

The patch for the eyedog control sets the "kill-bit", which basically means this control will be considered invalid by any browser which has applied the patch.

In the http://www.microsoft.com/security/bulletins/ms99-032faq.asp document, Microsoft have provided a little bit of insight into how the kill-bit is set;

    Hive   HKEY_LOCAL_MACHINE\SOFTWARE
    Key    \Microsoft\Internet Explorer\ActiveX Compatibility\{6BCFAE33-41AD-11D1-B78F-00C04FC2C5F0}
    Name   Compatibility Flags
    Value  Dword:00000400

Supposedly a more detailed description of using this method to revoke an ActiveX control is going to be found in the new KB article;

http://support.microsoft.com/support/kb/articles/q240/7/97.asp
(not available at time of writing)

Pertinent links are;

Security Bulletin MS99-032
http://www.microsoft.com/security/bulletins/MS99-032.asp
http://www.microsoft.com/security/bulletins/MS99-032faq.asp

Patch available via
ftp://ftp.microsoft.com/peropsys/IE/IE-Public/Fixes/usa/Eyedog-fix/
(note, MS say this will be in Windows Update by Tuesday next week)

Related KB article
http://support.microsoft.com/support/kb/articles/q240/3/08.asp

Cheers,
Russ - NTBugtraq Editor
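
A way to audit the kill-bit setting quoted in the message above, as an added example that is not part of the original post or Microsoft's own tooling: it reads the text of a registry export and reports which required CLSIDs lack the 0x400 bit in "Compatibility Flags". The function names, the embedded sample export and the two placeholder CLSIDs are constructed for illustration; testing the bit with a mask rather than for equality assumes other flag bits may be set in the same value.

```python
import re

# Key path and bit value as quoted from the MS99-032 FAQ in the message above.
COMPAT_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer"
              r"\ActiveX Compatibility")
KILL_BIT = 0x00000400

# Constructed sample export; only the first CLSID comes from the message.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6BCFAE33-41AD-11D1-B78F-00C04FC2C5F0}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-00000000000A}]
"Compatibility Flags"=dword:00000020

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-00000000000B}]
"Some Other Value"=dword:00000400
"""

SECTION = re.compile(r"^\[(.+)\]\s*$")
FLAGS = re.compile(r'^"Compatibility Flags"=dword:([0-9a-fA-F]{1,8})\s*$', re.I)

def parse_compat_flags(export_text):
    """Map upper-cased CLSID -> Compatibility Flags (None if the value is
    absent). Only direct {CLSID} subkeys of ActiveX Compatibility count."""
    flags, current = {}, None
    prefix = COMPAT_KEY.upper() + "\\"
    for line in export_text.splitlines():
        m = SECTION.match(line)
        if m:
            key = m.group(1).upper()
            sub = key[len(prefix):] if key.startswith(prefix) else ""
            current = sub if re.fullmatch(r"\{[0-9A-F-]{36}\}", sub) else None
            if current:
                flags.setdefault(current, None)
            continue
        m = FLAGS.match(line.strip())
        if m and current:
            flags[current] = int(m.group(1), 16)
    return flags

def kill_bit_set(flags, clsid):
    """True only if the CLSID has Compatibility Flags with the 0x400 bit on."""
    value = flags.get(clsid.upper())
    return value is not None and bool(value & KILL_BIT)

def missing_kill_bits(export_text, required_clsids):
    """Return the CLSIDs from required_clsids that are not kill-bitted."""
    flags = parse_compat_flags(export_text)
    return [c for c in required_clsids if not kill_bit_set(flags, c)]
```

Registry exports are normally written as UTF-16, so decode the file to text before passing it to `missing_kill_bits`.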