MS08-070: Vulnerabilities in Visual Basic 6.0 ActiveX Controls Could Allow Remote Code Execution (932349) High Nessus. Plugin ID 35069. Patch Publication Date: 2008/12/09. Vulnerability Publication Date: 2008/08/13. Exploitable With. Subscribe to Download Center RSS Region. The Americas. (MS08-070) VULNERABILITIES IN VISUAL BASIC 6.0 RUNTIME EXTENDED FILES (ACTIVEX CONTROLS) COULD ALLOW REMOTE CODE EXECUTION (932349). Patch Information: Patches for this vulnerability can be downloaded on this Microsoft Web page. Contact Sales.
Microsoft released another batch of patches using their regular schedule. A total of eight security bulletins have been published that contain descriptions of security vulnerabilities of which six have been classified as critical and two as important.
The easiest way to install the patches is by downloading and installing the security patches at Windows Update which provides access to all security updates even for users who run a non legit version of Windows.
Microsoft did also release a new version of the Windows Malicious Software Removal Tool which is now able to detect two new families of malware (Win32/FakeXPA and Win32/Yektel)
- MS08-070: Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349) which is rated 'Critical'
- MS08-071: Vulnerabilities in GDI Could Allow Remote Code Execution (956802) which is rated 'Critical'
- MS08-072: Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173) which is rated 'Critical'
- MS08-073: Cumulative Security Update for Internet Explorer (958215) which is rated 'Critical'
- MS08-074: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070) which is rated 'Critical'
- MS08-075: Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349) which is rated 'Critical'
- MS08-076: Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807) which is rated 'Important'
- MS08-077: Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175) which is rated 'Important'
Windows users should install the updates as soon as possible to secure their computer system. The updates are also available for manual download and installation on Microsoft's Download Center. Here you can download the patches individually, or as Security Release ISO images that are available for each month separately. The core benefit of downloading the patches from the site is that you only need to download them once instead of multiple times if you need to deploy the updates on multiple systems.
AdvertisementWe upgraded our machines with a microsoft patch listed above and are now having issues with some winsock controls. While moving on to the new component library there were two issues that we faced:
- We are creating a Winsock control dynamically using Form.Controls.Add(...). With the new dlls it gave us a run time error 731 stating that we needed to add the license.
This issue was resolved by adding a line License.Add(PrgID of the control) before adding the control.
Serious Sam 2 V2 070 Patch
Now the issue is when we try setting this control to an object of type mWinsock we get a runtime error Type Mismatch. Any thoughts?
Dylan Corriveau4 Answers
Take a look at 'Description of the cumulative update rollup for the Visual Basic 6.0 Service Pack 6 Runtime Extended Files.'
This December 30, 2008 update should remove and replace the faulty Dec 9 security update. It appears to deal with both 926857 and 957924.
958369 seems to be a Visual FoxPro KB article for the same faulty update (Dec 9). VFP uses many VB controls.
You may need to add the control to the toolbox so that the VB6 project and form has a proper reference to it. You will need to do this even if you don't actually have it on the form at design time.
With the reference VB may not have all the information needed to resolve the methods and properties of the control at run-time
RS ConleyRS ConleySince the interface signatures have changed, you will have to remove the component reference from the project, save and close VB6 completely, unregister the old control, register the new version from the patch, reopen your project and add the component back in. If you do this you'll most likely lose support for machines that don't have the patch installed (or you will have to install it as part of your installation package)
Of course, you can always declare the reference 'As Object' if it's easier but your performance will drop a bit and you will lose support for WithEvents
Patch Download Pes 2016
rpetrichrpetrichI encountered a similar issue when dynamically creating non-intrinsic controls in VB6. Perhaps Winsock is no longer considered intrinsic. Try declaring your variable as VBControlExtender instead of Winsock, as follows:
See this MSDN article for more information.
TemplarTemplar