#1 (permalink)  
Old 15-07-2007, 05:51 PM
BESadmin's Avatar
Administrator
  
Join Date: Aug 2006
Posts: 1,774
TeamOn Import Object ActiveX control vulnerability
TeamOn Import Object ActiveX control vulnerability

Doc ID : KB13142
Last Modified : 2007-07-06
Document Type : Security Advisory


Environment

Advisory Posted: 09 May 2007
  • BlackBerry® Internet Service 2.0
  • Microsoft® Internet Explorer®
  • T-Mobile® My E-mail
  • SDR114839
Note: The BlackBerry Internet Solution is designed to work with T-Mobile My E-mail to give BlackBerry device users secure, direct access to any combination of registered enterprise, proprietary, Post Office Protocol 3 (POP3), or Internet Message Access Protocol 4 (IMAP4) email accounts on their BlackBerry devices using a single user login account.
To determine which version of the BlackBerry Internet Service you are using, see KB04989.

Overview

A vulnerability identified by the CERT Coordination Center (CERT/CC) exists in the TeamOn Import Object Microsoft ActiveX® control used by BlackBerry Internet Service 2.0 on the BlackBerry Internet Service and the T-Mobile My E-mail web sites.

This vulnerability has a Common Vulnerability Scoring System (CVSS) score of 8.0 (Critical).

This article is in reference to United States Computer Emergency Response Team (US-CERT) Advisory VU#869641.

Problem

When using Internet Explorer to view the BlackBerry Internet Service or T-Mobile My E-mail web sites that use the TeamOn Import Object ActiveX control, and when trying to install and run the ActiveX control, the ActiveX control introduces the vulnerability to the system.
The TeamOn Import Object ActiveX control has the following properties:
  • Publisher: Research In Motion
  • File name: TOImport.dll
  • Class identifier: 1D95A7C7-3282-4DB7-9A48-7C39CE152A19
Cause

An exploitable buffer overflow exists in the TeamOn Import Object ActiveX control used by the BlackBerry Internet Service and T-Mobile My E-mail web sites.

Resolution

The BlackBerry Internet Service and T-Mobile My E-mail web sites have been updated to use the correct ActiveX control.

Workaround

Remove and disable the ActiveX control from Internet Explorer.
To remove the ActiveX control from Internet Explorer, complete the following steps:
  1. In Internet Explorer, select Tools > Internet Options.
  2. Under Temporary Internet Files, click Settings.
  3. Click View Objects.
  4. Right-click TeamOn Import Object, then click Remove.
  5. Click Yes.
  6. Restart Internet Explorer.
To disable the ActiveX control, in the Windows Registry, set a registry entry for the ActiveX control that uses a specific Compatibility Flags DWORD value. This prevents Internet Explorer from calling that ActiveX control, if it exists, unless the Initialize and Script ActiveX controls not marked as safe options are enabled in Internet Explorer. This also prevents Internet Explorer from reinstalling that ActiveX control at the request of another web site.

Warning: The following procedure involves modifying the computer registry.

This can cause substantial damage to the Microsoft Windows® operating system. Document and back up the registry entries prior to implementing any changes.
  1. In the Registry Editor, go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer.
  2. Right-click ActiveX Compatibility, then select New > Key.
  3. Type {1D95A7C7-3282-4DB7-9A48-7C39CE152A19} as the key name and press ENTER. Note: This is the class identifier of the ActiveX control.
  4. Right-click {1D95A7C7-3282-4DB7-9A48-7C39CE152A19}, then select New > DWORD Value.
  5. Type Compatibility Flags as the new DWORD Value name and press ENTER.
  6. Double-click Compatibility Flags.
  7. In the Value data field, type 00000400 and click OK.
  8. Close the Registry Editor and restart Internet Explorer.
Alternatively, Internet Explorer can be configured to disable ActiveX controls in the Internet Zone (or any zone used by an attacker), which serves to prevent exploitation of this and other ActiveX vulnerabilities. For more information on disabling and removing ActiveX controls, search for article 240797 in the Microsoft Support Knowledge Base.

Additional Information

Research In Motion (RIM) would like to acknowledge the Microsoft Corporation for also including the kill bits from this security update in the May 2007 Cumulative Security Update for Internet Explorer. BlackBerry Internet Service subscribers should primarily look for the RIM security update to resolve this issue.

For more information about the May 2007 Cumulative Security Update for Internet Explorer, search for Microsoft Security Bulletin MS07-027: Cumulative Security Update for Internet Explorer in the Microsoft TechNet web site.

CVSS is a vendor agnostic, industry open standard designed to convey the severity of vulnerabilities. CVSS scores may be used to determine the urgency for update deployment within an organization. CVSS scores range from 0.0 (no vulnerability) to 10.0 (critical). RIM uses CVSS for vulnerability assessments to present an immutable characterization of security issues. RIM assigns all relevant security issues a non-zero score.
Reply With Quote
Reply

Bookmarks

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


All times are GMT +11. The time now is 01:28 PM.

Copyright ©2006 - 2008 BLACKBERRYFORUMS - RIM and Blackberry are Registered Trademarks of Research In Motion

Contact Us - BlackBerry Support Forum - Asia Pacific - Archive - Top

Search Engine Friendly URLs by vBSEO 3.2.0