Spyware Doctor
Spyware Doctor with AntiVirus
PC Tools AntiVirus
PC Tools Internet Security
PC Tools Firewall Plus
ThreatFire
Spam Monitor
Registry Mechanic
Desktop Maestro
File Recover
Privacy Guardian
Spyware Doctor Enterprise
Help me choose
ActiveX "scriptlet.typelib/Eyedog" Vulnerability
Security vulnerabilities exist in two ActiveX controls that could all a web page to take unauthorized action against a person who visited it. Specifically, the web page would be able to do anything on the computer that the user could do.
Issue
This issue involves two ActiveX controls, scriptlet.typelib and Eyedog. These controls are not in any way related to each other; their only relationship is that both are incorrectly marked as "safe for scripting" and can therefore be called from Internet Explorer.
scriptlet.typelib is a control used by developers to generate Type Libraries for Windows Script Components. It is marked as "safe for scripting", but should not be because it allows local files to be created or modified. The patch removes the "safe for scripting" marking, thereby causing IE to request confirmation from the user before loading the control.
Eyedog is a control used by diagnostic software in Windows. It is marked as "safe for scripting", but should not be because it allows registry information to be queried and machine characteristics to be gathered. In addition, one of the control's methods is vulnerable to a buffer overrun attack. The patch sets the so-called "kill bit", which prevents it from loading within IE.
Affected Products
- Microsoft Internet Explorer 4.0 and 5.0
Download
Patch: http://www.microsoft.com/msdownload/iebuild/scriptlet/en/scriptlet.htm
Further Details
Source: Microsoft Corporation
Reference: Microsoft Corporation
Updated: October 12, 1999
>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<
