Key information

Vulnerability ID: VU#649289
Title: Retro64 / Miniclip CR64Loader ActiveX control buffer overflow
Release Date: 2006-09-01
Last Revised: 2006-09-08
CVE ID: CVE-2006-4555
Severity Metric: 1.67

Overview

The Retro64 / Miniclip CR64Loader ActiveX control contains a buffer overflow vulnerability. A remote, unauthenticated attacker can execute arbitrary code on a vulnerable system.

Description

The CR64Loader Object is an ActiveX control with CLSID . Systems that used certain pages of retro64.com or miniclip.com in the past may be vulnerable.

Impact

An attacker can execute arbitrary code or cause Internet Explorer (or the program using the WebBrowser control) to crash by convincing a user to view a specially crafted HTML document.

Solution

Disable the CR64Loader ActiveX control by setting the kill bit for the CLSID . Refer to Microsoft Support Document 240797.

Disable ActiveX controls in the Internet Zone. Instructions are available in the "Securing Your Web Browser" document and the Malicious Web Scripts FAQ.

Vendor Information

Miniclip Limited: Affected
Retro64: Affected

References

http://support.microsoft.com/kb/240797
http://www.us-cert.gov/reading_room/securing_browser/#Internet_Explorer

Other Information

Reported by Will Dormann of CERT/CC
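
The kill-bit step from the Solution section, shown as an added PowerShell example; it is not part of the original advisory or of Microsoft's document. It uses the kill-bit mechanism covered by Microsoft Support Document 240797 (the 0x400 bit of "Compatibility Flags" under the ActiveX Compatibility key); the CLSID in the usage comment is a placeholder because this page does not give it, and the function names are hypothetical.

```powershell
# Added example: audit and set the Internet Explorer kill bit for one CLSID.
# Run from an elevated 64-bit PowerShell so both registry views are reachable.
$KillBit = 0x400   # kill-bit value in the "Compatibility Flags" DWORD
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    # 32-bit Internet Explorer on 64-bit Windows reads this view instead
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Assert-Clsid([string]$Clsid) {
    # Reject anything that is not a braced GUID before it reaches the registry.
    if ($Clsid -notmatch '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$') {
        throw "Not a CLSID in {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} form: $Clsid"
    }
}

function Get-CompatFlags([string]$Key) {
    # Returns 0 when the key or the value does not exist.
    $p = Get-ItemProperty -LiteralPath $Key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    return [int]$p.'Compatibility Flags'
}

function Test-KillBit([string]$Clsid) {
    # True only if every registry view present on this host has the bit set.
    Assert-Clsid $Clsid
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }   # view absent on 32-bit Windows
        if (-not ((Get-CompatFlags (Join-Path $root $Clsid)) -band $KillBit)) { return $false }
    }
    return $true
}

function Set-KillBit([string]$Clsid) {
    Assert-Clsid $Clsid
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        $key = Join-Path $root $Clsid
        if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
        # OR the bit in so other compatibility flags already present are preserved.
        $new = (Get-CompatFlags $key) -bor $KillBit
        New-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
            -PropertyType DWord -Value $new -Force | Out-Null
    }
}

# Usage (PLACEHOLDER CLSID, replace with the CLSID from the original advisory):
# $Clsid = '{00000000-0000-0000-0000-000000000000}'
# if (-not (Test-KillBit $Clsid)) { Set-KillBit $Clsid }
```

Test-KillBit can be run on its own across a fleet to report hosts where the control is still instantiable in Internet Explorer.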