CVE-1999-0670
Description
Buffer overflow in the Eyedog ActiveX control allows remote attackers to execute arbitrary commands via a crafted web page in Internet Explorer 4.0 and 5.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A buffer overflow vulnerability exists in the Eyedog ActiveX control, a component of diagnostic software in Windows. The control was incorrectly marked as "safe for scripting" and is used by Internet Explorer. The affected control is present with Microsoft Internet Explorer versions 4.0 and 5.0 [1]. The flaw resides in one of the control's methods, which does not properly validate input length, allowing an attacker to overflow a buffer [1].
Exploitation
An attacker can craft a malicious web page that calls the vulnerable Eyedog control method with a specially crafted input. The attacker does not require any authentication or prior access beyond hosting a web page that a user visits with Internet Explorer. No user interaction beyond visiting the page is needed, as the control is marked as safe for scripting and loads automatically [1].
Impact
Successful exploitation allows a remote attacker to execute arbitrary commands on the victim's system with the privileges of the logged-in user. This can lead to full compromise of the affected machine, including data theft, installation of malware, or further lateral movement [1].
Mitigation
Microsoft released a security patch in Security Bulletin MS99-032 (originally posted August 31, 1999, updated March 21, 2003) that sets the "kill bit" for the Eyedog control, preventing it from loading within Internet Explorer [1]. Users should install the patch or apply the kill bit manually. There is no known workaround other than disabling the control or upgrading to a non-vulnerable version of Internet Explorer [1].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
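To verify the kill bit described under Mitigation, the following added example (not part of the original page or of Microsoft's bulletin) audits a `reg export` text dump of the ActiveX Compatibility key and reports whether the 0x400 "Compatibility Flags" bit is set for a given CLSID. The sample export and its CLSIDs are constructed placeholders, since the page does not list the Eyedog CLSID; the function names are hypothetical.

```python
import re

KILL_BIT = 0x00000400  # "Compatibility Flags" bit that stops IE instantiating a control
COMPAT_KEY = r"SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"

# Constructed sample in `reg export` text format. The CLSIDs are placeholders,
# not the real Eyedog CLSID (the page does not list it).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-00000000000A}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-00000000000B}]
"Compatibility Flags"=dword:00800000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-00000000000C}]
"AlternateCLSID"="{00000000-0000-0000-0000-00000000000D}"
'''

SECTION = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
FLAGS = re.compile(r'^"Compatibility Flags"=dword:(?P<hex>[0-9a-fA-F]{1,8})\s*$', re.I)

def parse_compat_flags(export_text):
    """Map upper-cased CLSID -> Compatibility Flags (None if the value is absent)."""
    flags, current = {}, None
    for line in export_text.splitlines():
        m = SECTION.match(line.strip())
        if m:
            parent, _, leaf = m.group("key").rpartition("\\")
            # Only subkeys directly under the ActiveX Compatibility key count.
            current = leaf.upper() if parent.upper().endswith(COMPAT_KEY.upper()) else None
            if current:
                flags.setdefault(current, None)
            continue
        m = FLAGS.match(line.strip())
        if m and current:
            flags[current] = int(m.group("hex"), 16)
    return flags

def kill_bit_status(export_text, clsid):
    """Return 'set', 'not set' (key exists, bit clear or value absent) or 'missing'."""
    flags = parse_compat_flags(export_text)
    if clsid.upper() not in flags:
        return "missing"
    value = flags[clsid.upper()] or 0
    return "set" if value & KILL_BIT else "not set"

if __name__ == "__main__":
    for s in "ABCE":
        print(s, kill_bit_status(SAMPLE_EXPORT, "{00000000-0000-0000-0000-00000000000%s}" % s))
```

On 64-bit Windows the 32-bit registry view under `WOW6432Node` holds a separate copy of this key and needs its own check.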
Affected products
- cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2
News mentions
No linked articles in our index yet.