Overview
Microsoft Internet Explorer 4.01 and 5 ship with a series of activex controls to aid in its functionality. Regwiz.dll is an safe-for-scripting activex control that contains a remotely exploitable buffer overflow.
Description
InvokeRegWizard (regwizc.dll) is a control that ships with Microsoft Internet Explorer 4.01 and 5. Regwiz.dll is a safe-for-scripting activex control that contains a remotely exploitable buffer overflow. The CLSID for this control is {50E5E3D1-C07E-11D0-B9FD-00A0249F6B00}. |
Impact
A remote attacker may be able to execute arbitrary commands on the system when the victim views a malicious web page. |
Solution
Apply the patch from Microsoft Security Bulletin MS99-37. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
Microsoft acknowledges Georgi Guninski, Shane Hird of Australia and Richard Smith of Phar Lap Software (http://www.pharlap.com/) for reporting this vulnerability.
This document was written by Shawn V Hernan and Jason Rafail.
Other Information
| CVE IDs: | None |
| Severity Metric: | 9.11 |
| Date Public: | 1999-09-10 |
| Date First Published: | 2002-10-01 |
| Date Last Updated: | 2002-10-01 15:06 UTC |
| Document Revision: | 10 |