{"vuid":"VU#1673","idnumber":"1673","name":"Eyedog ActiveX control incorrectly marked \"safe for scripting\"","keywords":["Eyedog","ActiveX control","safe for scripting","Internet Explorer","IE","MS99-032","buffer overflow"],"overview":"Versions of the Eyedog ActiveX control current circa August, 1999, are incorrectly marked safe for scripting.","clean_desc":"Eyedog is an ActiveX control that was used to perform diagnostic function in Windows. It was marked as safe for scripting, which means that it could be called from Internet Explorer, but provided access to computer configuration data. The patch sets the \"kill bit\" for the control. For more information, see http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms99-032.asp The control is contained in eyedog.ocx. The Class ID is 06A7EC63-4321-11D0-A112-00A0C90543AA.","impact":"Attacker can retrieve system configuration information.","resolution":"Apply the patch as described in MS99-032.","workarounds":"","sysaffected":"","thanks":"Our thanks to Microsoft for the information contained in their advisory.","author":"This document was written by Shawn V Hernan.","public":["http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms99-032.asp","http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/fq99-032.asp","http://support.microsoft.com/support/kb/articles/q240/7/97.asp"],"cveids":["CVE-1999-0668"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"1999-09-03T13:42:30Z","publicdate":"1999-08-31T00:00:00Z","datefirstpublished":"2001-11-15T04:30:29Z","dateupdated":"2001-11-15T04:30:29Z","revision":5,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"20","cam_exploitation":"10","cam_internetinfrastructure":"0","cam_population":"5","cam_impact":"15","cam_easeofexploitation":"15","cam_attackeraccessrequired":"15","cam_scorecurrent":"9.4921875","cam_scorecurrentwidelyknown":"9.4921875","cam_scorecurrentwidelyknownexploited":"12.65625","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":9.4921875,"vulnote":null}