{"vuid":"VU#37556","idnumber":"37556","name":"InvokeRegWizard (regwizc.dll) ActiveX control has a buffer overflow","keywords":["InvokeRegWizard","regwizc.dll","Registration Wizard","Microsoft"],"overview":"Microsoft Internet Explorer 4.01 and 5 ship with a series of activex controls to aid in its functionality. Regwiz.dll is an safe-for-scripting activex control that contains a remotely exploitable buffer overflow.","clean_desc":"InvokeRegWizard (regwizc.dll) is a control that ships with Microsoft Internet Explorer 4.01 and 5. Regwiz.dll is a safe-for-scripting activex control that contains a remotely exploitable buffer overflow. The CLSID for this control is {50E5E3D1-C07E-11D0-B9FD-00A0249F6B00}.","impact":"A remote attacker may be able to execute arbitrary commands on the system when the victim views a malicious web page.","resolution":"Apply the patch from Microsoft Security Bulletin MS99-37.","workarounds":"","sysaffected":"","thanks":"Microsoft acknowledges Georgi Guninski, Shane Hird of Australia and Richard Smith of Phar Lap Software (\nhttp://www.pharlap.com/\n) for reporting this vulnerability.","author":"This document was written by Shawn V Hernan and Jason Rafail.","public":["http://www.microsoft.com/technet/treeview/default.asp?url=/technet/Security/Bulletin/MS99-037.asp","http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/fq99-037.asp"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2000-01-14T18:34:38Z","publicdate":"1999-09-10T00:00:00Z","datefirstpublished":"2002-10-01T15:06:20Z","dateupdated":"2002-10-01T15:06:30Z","revision":10,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"16","cam_exploitation":"1","cam_internetinfrastructure":"10","cam_population":"5","cam_impact":"15","cam_easeofexploitation":"12","cam_attackeraccessrequired":"20","cam_scorecurrent":"9.1125","cam_scorecurrentwidelyknown":"10.4625","cam_scorecurrentwidelyknownexploited":"16.875","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":9.1125,"vulnote":null}