search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

Eyedog ActiveX control incorrectly marked "safe for scripting"

Vulnerability Note VU#1673

Original Release Date: 2001-11-15 | Last Revised: 2001-11-15

Overview

Versions of the Eyedog ActiveX control current circa August, 1999, are incorrectly marked safe for scripting.

Description

Eyedog is an ActiveX control that was used to perform diagnostic function in Windows. It was marked as safe for scripting, which means that it could be called from Internet Explorer, but provided access to computer configuration data. The patch sets the "kill bit" for the control. For more information, see

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms99-032.asp

The control is contained in eyedog.ocx. The Class ID is 06A7EC63-4321-11D0-A112-00A0C90543AA.

Impact

Attacker can retrieve system configuration information.

Solution

Apply the patch as described in MS99-032.

Vendor Information


CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

Our thanks to Microsoft for the information contained in their advisory.

This document was written by Shawn V Hernan.

Other Information

CVE IDs: CVE-1999-0668
Severity Metric: 9.49
Date Public: 1999-08-31
Date First Published: 2001-11-15
Date Last Updated: 2001-11-15 04:30 UTC
Document Revision: 5

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis