View Full Version : SupportSoft ActiveX controls vuln - CVSS Severity: 10.0 - High

2007-02-24, 23:55

> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6490
Last revised: 2/23/2007
CVSS Severity: 10.0 (High)
Range: Remotely exploitable
Authentication: Not required to exploit
Impact Type: Provides administrator access, Allows complete confidentiality, integrity, and availability violation

- http://isc.sans.org/diary.html?storyid=2304
Last Updated: 2007-02-24 20:27:15 UTC ...(Version: 3)
"...A .reg file for setting the killbits can be downloaded*, use at your own risk..."
* http://www.section66.com/security/handlers/supsoft.reg

- http://www.kb.cert.org/vuls/id/441785
Date Last Updated: 02/23/2007
The SupportSoft ActiveX controls contain multiple buffer overflow vulnerabilities, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
I. Description
SupportSoft provides multiple ActiveX packages that are used by third party vendors to provide remote assistance and other technical support functions. The controls are commonly used by internet service providers (ISPs) and PC manufacturers. The SupportSoft ActiveX control packages contain multiple buffer overflow vulnerabilities. Many of these buffer overflows can be used to overwrite the process Structured Exception Handler (SEH) or otherwise overwrite the contents of the EIP (Extended Instruction Pointer) register, thus gaining control of program execution flow.
According to the SupportSoft ActiveX Controls Security Update**, one should search for the tgctlsi.dll file to determine if a system is vulnerable. However, in our testing, any of the following files provide vulnerable ActiveX controls:
(Ed. note: Suggested search: tgctl*.dll on C:\ )
Note that since the vulnerable controls are commonly included with third-party software that is not explicitly packaged as "SupportSoft," searching for the above files is the most effective way to determine if a system is vulnerable.
Systems Affected
Vendor Status Date Updated
Bank of America Unknown 21-Feb-2007
BellSouth Vulnerable 20-Feb-2007
Comcast Vulnerable 20-Feb-2007
CSC Unknown 20-Feb-2007
IBM Vulnerable 20-Feb-2007
Verizon Unknown 20-Feb-2007 ...
(Ed. note: Only -some- of -many- vendors affected shown; see the kb.cert URL for complete list.) ..."

> http://www.symantec.com/avcenter/security/Content/2007.02.22.html

** http://www.supportsoft.com/support/controls_update.asp

:fear: :buried: