SolidWorks SLDimdownload ActiveX Control Arbitrary Code Execution Vulnerability
BID:23290
Info
| Bugtraq ID: | 23290 |
| Class: | Design Error |
| CVE: | CVE-2007-1684 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 03 2007 12:00AM |
| Updated: | Apr 05 2007 04:42AM |
| Credit: | Will Dormann of CERT/CC is credited with discovering this vulnerability. |
| Vulnerable: | SolidWorks Solidworks sldimdownload ActiveX Control 16.0.0.5 |
| Not Vulnerable: | SolidWorks Solidworks sldimdownload ActiveX Control 16.0.0.6 |
Discussion
The SolidWorks sldimdownload.dll ActiveX control is prone to an arbitrary-code-execution vulnerability that will allow remote attackers to execute arbitrary code on an affected computer.
Successful exploits will allow attacker-supplied arbitrary code to run within the context of the affected server. Failed exploit attempts will likely cause denial-of-service conditions.
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
Solution:
The vendor has released fixes to address this issue. Please contact the vendor for information on how to obtain and apply updates.
SolidWorks Solidworks sldimdownload ActiveX Control 16.0.0.5
- SolidWorks sldimdownload.cab: sldimdownload ActiveX control version 16,0,0,6
  http://www.solidworks.com/pages/services/subscription/downloads/sldimdownload.cab
References
References:
- Q240797 - How to Stop an ActiveX Control from Running in Internet Explorer (Microsoft)
- SolidWorks Web Site (SolidWorks)