Vulnerability Note VU#37556

InvokeRegWizard (regwizc.dll) ActiveX control has a buffer overflow

Original Release date: 01 Oct 2002 | Last revised: 01 Oct 2002

Overview

Microsoft Internet Explorer 4.01 and 5 ship with a series of activex controls to aid in its functionality. Regwiz.dll is an safe-for-scripting activex control that contains a remotely exploitable buffer overflow.

Description

InvokeRegWizard (regwizc.dll) is a control that ships with Microsoft Internet Explorer 4.01 and 5. Regwiz.dll is a safe-for-scripting activex control that contains a remotely exploitable buffer overflow. The CLSID for this control is {50E5E3D1-C07E-11D0-B9FD-00A0249F6B00}.

Impact

A remote attacker may be able to execute arbitrary commands on the system when the victim views a malicious web page.

Solution

Apply the patch from Microsoft Security Bulletin MS99-37.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Microsoft CorporationAffected-30 Sep 2002
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

Microsoft acknowledges Georgi Guninski, Shane Hird of Australia and Richard Smith of Phar Lap Software (http://www.pharlap.com/) for reporting this vulnerability.

This document was written by Shawn V Hernan and Jason Rafail.

Other Information

  • CVE IDs: Unknown
  • Date Public: 10 Sep 99
  • Date First Published: 01 Oct 2002
  • Date Last Updated: 01 Oct 2002
  • Severity Metric: 9.11
  • Document Revision: 10

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.