Office OCX OA.OCX Office Viewer ActiveX Denial of Service Vulnerabilities

Bugtraq ID:	23811
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2007-2588
Remote:	Yes
Local:	No
Published:	May 04 2007 12:00AM
Updated:	May 07 2015 05:39PM
Credit:	shinnai is credited with the discovery of these vulnerabilities.
Vulnerable:	PalTalk PalTalk Messenger 10.0 Office OCX Office Viewer 3.2.0.5 Office OCX Office Viewer 3.2
Not Vulnerable:

Office OCX OA.OCX Office Viewer ActiveX Denial of Service Vulnerabilities

Office Viewer ActiveX control is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues allows remote attackers to crash applications that employ the vulnerable control (typically Microsoft Internet Explorer).

Office Viewer ActiveX Control 3.2.0.5 is reported vulnerable to these issues; other versions may also be affected.

Office OCX OA.OCX Office Viewer ActiveX Denial of Service Vulnerabilities

The following proof of concept is available:

• /data/vulnerabilities/exploits/Office_Viewer_ActiveX_exp.txt

Office OCX OA.OCX Office Viewer ActiveX Denial of Service Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Office OCX OA.OCX Office Viewer ActiveX Denial of Service Vulnerabilities

References:

• Office Viewer (Office OCX)
  
• Office Viewer (OA.ocx v. 3.2) multiple methods DoS (shinnai)
  
• Paltalk Messenger ActiveX Control Multiple Insecure Methods (High-Tech Bridge)