From: xenophi1e [mailto:oliver.lavery () sympatico ca]
Sent: Wednesday, August 13, 2003 10:51 AM
To: bugtraq () securityfocus com
Subject: Re: Microsoft MCWNDX.OCX ActiveX buffer overflow
In-Reply-To: <007201c361df$c311f0c0$329f8018 () youru10ixi0anw>
Does anyone know what the guid for this control is? I don't
have it on XP
with Visual Studio 6 installed.
Could this be the same as the Microsoft Multimedia Control, aka
Microsoft MCWNDX.OCX ActiveX buffer overflow
PROGRAM: MICROSOFT MCIWNDX.OCX ACTIVEX BUFFER OVERFLOW
VULNERABLE VERSIONS: MCWNDX is an ActiveX shipped with
Visual Studio 6
support multimedia programming.
MCWNDX is an activeX shipped with Visual Studio 6 to
support multimedia programming. Although not many people use it
however it still can be called through CLSID in a website
and passing a
large amount of data to the activex will cause an buffer overflow.
Since this Activex is only shipped with VIsual Studio 6.0, so only
people who are having Visual Studio 6.0 will be affected or people
who are still using old multimedia programs coded in Visual
(In my PC, the last date the ActiveX is patched is in 1996 !
I am using
VS Sp 4)
The ActiveX has a property called "Filename" which is used
the .mci file to load. However if it is passed with a very large
is good enough :-) ), it will cause a bufferoverflow. (I can't
EIP using this overflow in my XP, however it doesn't mean
Microsoft has been noticed but since the hole is maybe minor
to them so
they don't response to me even a short sentence like "Thank you !"
Delete the file MCWNDX.ocx in your SYSTEM32 directory if you are
using 2000 or XP or in your SYSTEM directory if you are
using WIN ME or
Discovered by Tri Huynh from Sentry Union
The information within this paper may change without