lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20031009040041.18AF517BF3@porfidio.atstake.com>
From: fbret at stake.com (Frederic Bret-Mounet)
Subject: The msvidctl.dll in Windows XP

I just ran COMbust on the DLL and could not find anything obvious. A couple
of crashes, but no BOs.

If you want to explore it more, give COMbust a try:
http://atstake.com/research/tools/vulnerability_scanning/

-Fred

Frederic Bret-Mounet, CISSP
T 415.352.5116
M 415.305.2899
fbret@...take.com
www.atstake.com
 

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Richard M.
Smith
Sent: Wednesday, October 08, 2003 7:26 PM
To: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] The msvidctl.dll in Windows XP

Hi,

On my Windows XP laptop, I found a large number of ActiveX controls in the
system file msvidctl.dll which are marked safe for scripting.  I've attached
a list of the controls in this DLL.  I'm really curious why this DLL is
installed on my system in the first place since the laptop doesn't have a TV
tuner and why these controls need to be marked safe for scripting.

Also does anyone know if this DLL is installed by default in all/most
Windows XP systems?

My concern with this DLL, is that some number of security holes have slipped
by Microsoft given the large quantity of ActiveX methods and properties that
need to checked out here.

Thanks,
Richard M. Smith
http://www.ComputerBytesMan.com


 1   ATSC Tune Request Location Information  
 2   Audio Renderers Collection Class  
 3   BDA Data Services Feature Segment  
 4   BDA Tuner Device Segment  
 5   BDA Tuning Model Analog Radio Tuning Space  
 6   BDA Tuning Model Analog TV Tuning Space  
 7   BDA Tuning Model ATSC Channel Tune Request  
 8   BDA Tuning Model ATSC Component Type Class (Broadcast Substream Type)  
 9   BDA Tuning Model ATSC Tuning Space  
 10   BDA Tuning Model Channel Tune Request  
 11   BDA Tuning Model Component Class(Broadcast Substream)  
 12   BDA Tuning Model Component Type Class (Broadcast Substream Type)  
 13   BDA Tuning Model DVB Satellite Locator  
 14   BDA Tuning Model DVB Terrestrial Locator  
 15   BDA Tuning Model DVB Tune Request  
 16   BDA Tuning Model DVB Tuning Space  
 17   BDA Tuning Model DVB-Satellite Tuning Space  
 18   BDA Tuning Model Language Component Type Class (Broadcast Substream
Type)  
 19   BDA Tuning Model MPEG2 Component Class (Broadcast Substream)  
 20   BDA Tuning Model MPEG2 Component Type Class (Broadcast Substream Type)

 21   BDA Tuning Model MPEG2 Tune Request  
 22   BDA Tuning Model MPEG2 Tune Request Factory  
 23   Collection of all the available BDA Tuning Model Tuning Space objects
on this system  
 24   Collection of all the available BDA Tuning Model Tuning Space objects
on this system  
 25   Collection of BDA Tuning Model Component Types(Broadcast Substream
Types)  
 26   Conditional Access Feature  
 27   Custom Composition Segment from Legacy Analog Tv Tuner Device Segment
to Data Services Feature Segment  
 28   Custom Composition Segment from Legacy Analog Tv Tuner Device Segment
to Standard Video Renderer Device Segment  
 29   Custom Composition Segment from WebDVD Device Segment to Standard
Video Renderer Device Segment  
 30   DVD: Pluggable Protocol  
 31   Features Collection Class  
 32   File Playback Device Segment  
 33   Generic Graph Composition Segment  
 34   Input Devices Collection Class  
 35   Legacy Analog TV Tuner Device Segment  
 36   MS TV ATVEF compliant lid: Protocol Handler  
 37   MS TV Video Control  
 38   MS Video Control Closed Captioning Feature Segment  
 39   MSVidCtl MPEG2 Decoder to Closed Captioning Composition Segment  
 40   Output Devices Collection Class  
 41   PSFactoryBuffer  
 42   Standard Audio Renderer Device Segment  
 43   Standard Video Renderer Device Segment  
 44   TV: Pluggable Protocol  
 45   TVE Receiver Feature Description  
 46   Utility Object for Binding Events SubObjects in Script Variables  
 47   Utility Object for creating a Property Bag backed by the Registry  
 48   Video Renderers Collection Class  
 49   WebDVD Adminitration class  
 50   WebDVD Device Segment  

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ