Vulnerability Note VU#1673

Eyedog ActiveX control incorrectly marked "safe for scripting"

Original Release date: 14 Nov 2001 | Last revised: 14 Nov 2001

Overview

Versions of the Eyedog ActiveX control current circa August, 1999, are incorrectly marked safe for scripting.

Description

Eyedog is an ActiveX control that was used to perform diagnostic function in Windows. It was marked as safe for scripting, which means that it could be called from Internet Explorer, but provided access to computer configuration data. The patch sets the "kill bit" for the control. For more information, see


The control is contained in eyedog.ocx. The Class ID is 06A7EC63-4321-11D0-A112-00A0C90543AA.

Impact

Attacker can retrieve system configuration information.

Solution

Apply the patch as described in MS99-032.

Systems Affected (Learn More)

No information available. If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

Our thanks to Microsoft for the information contained in their advisory.

This document was written by Shawn V Hernan.

Other Information

  • CVE IDs: CVE-1999-0668
  • Date Public: 31 Aug 99
  • Date First Published: 14 Nov 2001
  • Date Last Updated: 14 Nov 2001
  • Severity Metric: 9.49
  • Document Revision: 5

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.