Critical Update for a Visual Basic 6 Runtime DLL
October 26th, 2007 by James D. Murray
Back in August 2007, Microsoft released a critical update for a Visual Basic 6 Runtime file. The file, OLEAUT32.DLL, contains a vulnerability that can be exploited to allow an attacker to gain complete control of a computer if the logged-on user has Administrator privileges. The exploit may be performed by a COM component or an ActiveX control residing in a Windows application or a Web page.
The vulnerability itself is caused by the improper checking of input data, allowing specially crafted memory requests to be passed to the Windows OLE Automation service. The OLEAUT32.DLL library provides the API to COM and ActiveX components to access this service. The update released by Microsoft patches the vulnerability by adding validity checking to memory requests.
So what’s to worry? You faithfully run Microsoft Update on the second Tuesday of every month, right? Well, hang on to your mouse–not all critical updates released by Microsoft are distributed through Microsoft Update. This Visual Basic critical vulnerability is one that you’ll need to patch yourself.
Many major and critical updates are not released via automatic updates for one reason or another. In this case, the Visual Basic runtime files are not considered part of the Windows distribution or of any other major Microsoft application, such as Microsoft Office or SQL Server. Microsoft Update therefore does not distribute updates to the Visual Basic Runtime files–be it a critical fix or not.
This update is important because Visual Basic has been in use since 1991 and many thousands of applications have been created using it. The most recent version, Visual Basic 6, was released in 1998, and hasn’t had a major update since Service Pack 6 for Visual Basic 6.0 was released in March 2004. This means that the OLEAUT32.DLL critical vulnerability has existed on millions of Windows computers for many, many years.
Concerned yet? Well, you can download the update from the Visual Basic 6 OLEAUT32.DLL Security Update page on Microsoft’s Web site. Run the VB6-KB924053-x86-ENU.exe file and the update will be applied quickly. The new OLEAUT32.DLL file will have the version number 5.1.2600.3139. The details of the vulnerability this update fixes are described in Microsoft Security Bulletin MS07-043.
But I don’t use Visual Basic!
Actually, you probably do use Visual Basic, but don’t realize it. It is likely that there are several applications installed on your Windows computer that were written using Visual Basic. If you want to find out, look for the OLEAUT32.DLL file in your System32 folder. If it’s there then you have the Visual Basic Runtime installed on your computer, vulnerable, unpatched, and freely available for use by any process.
Developers who use Visual Basic must also apply this update, not just for their own use, but also for any installation packages that they build. Make sure to locate all copies of OLEAUT32.DLL stored on your development workstation. Programs that create installation packages often cache runtime files rather than reading them directly from the system folder. Patching OLEAUT32.DLL on your computer doesn’t guarantee that the copy of OLEAUT32.DLL used by your favorite installation builder is also patched. Check the file version number and manually replace all copies of OLEAUT32.DLL that you find.
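The "find every copy and check its version" step above is tedious by hand, so here is an added PowerShell example (not part of the original post and not Microsoft's code) that walks a set of folders, lists each OLEAUT32.DLL it finds with its file version, and flags any copy below the 5.1.2600.3139 version the post gives for the patched file. The search roots are an assumption; the "Installers" folder is a hypothetical stand-in for wherever your installation builder caches runtime files. The script relies only on the VersionInfo property that PowerShell exposes on file objects.

```powershell
# Added example: audit every copy of OLEAUT32.DLL under the given roots
# against the patched version number stated for KB924053 (5.1.2600.3139).
$PatchedVersion = New-Object System.Version(5, 1, 2600, 3139)

# Assumed search roots; extend with any installer-builder cache folders.
$SearchRoots = @(
    "$env:SystemRoot\System32",
    $env:ProgramFiles,
    "$env:SystemDrive\Installers"   # hypothetical installer cache folder
)

function Get-OleAut32Status {
    param([string[]]$Roots, [System.Version]$Minimum)

    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }

        Get-ChildItem -LiteralPath $root -Filter 'OLEAUT32.DLL' -Recurse -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer } |
            ForEach-Object {
                $vi = $_.VersionInfo
                # Build the version from its numeric parts rather than parsing the
                # FileVersion string, which some builds pad with extra text.
                $fileVersion = New-Object System.Version(
                    $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)

                New-Object PSObject -Property @{
                    Path        = $_.FullName
                    FileVersion = $fileVersion
                    Patched     = ($fileVersion -ge $Minimum)
                }
            }
    }
}

$results = @(Get-OleAut32Status -Roots $SearchRoots -Minimum $PatchedVersion)
$results | Select-Object Path, FileVersion, Patched | Sort-Object Patched, Path | Format-Table -AutoSize

$unpatched = @($results | Where-Object { -not $_.Patched })
if ($unpatched.Count -gt 0) {
    Write-Warning ("{0} copy/copies of OLEAUT32.DLL are below {1}; replace each with the updated file and re-run this check." -f $unpatched.Count, $PatchedVersion)
    exit 1
}
```

Run it from an account that can read every folder you care about, and treat any "Patched = False" row as a file to replace and re-check rather than something to ignore. The comparison assumes the 5.1.x file series the post describes; a copy from a different series (the comments below mention a 2.4x OLEAUT32.DLL on Windows 2000) will always compare as lower and needs to be checked against the version Microsoft publishes for that platform rather than against this number.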
References
MS07-043: Vulnerability in OLE Automation could allow remote code execution (921503)
MS07-043 Description of security update for the Visual Basic 6.0 redistributable (924053)
Microsoft Security Bulletin MS07-043
November 13th, 2007 at 11:52 am
Can you please help me step by step. I went to Microsoft and downloaded the Visual 6.0 but it didn’t work. I have Windows 2000 and XP computers. PLEASE HELP ME!
November 13th, 2007 at 3:26 pm
How do you know that the update didn’t work? You may have more than one OLEAUT32.DLL file on your computer. The updated OLEAUT32.DLL file will have the version number 5.1.2600.3139.
November 14th, 2007 at 6:39 am
After I installed the update I ran a scan on the user computer. It comes up with the same vulnerability: “OLE Automation could allow remote code execution - Visual Basic 6”. How can I fix this problem? It is on Windows 2000 and XP computers.
November 14th, 2007 at 8:49 am
Does the scan indicate the file that has the vulnerability? If it is not OLEAUT32.DLL then the update described in this article may not apply to the vulnerability the scanner is flagging. If it is OLEAUT32.DLL, replace the flagged file with the updated OLEAUT32.DLL file created by the patch and rerun the scanner.
November 14th, 2007 at 9:37 am
No, the scan does not indicate the file. I went to the Microsoft TechNet security bulletin MS07-043 and downloaded the patch. I ran a scan and the same vulnerability came up. I checked the Oleaut32.dll in winnt/systems32/ for Windows 2000. It has a 2.4 OLE DLL. I also went to c:/programfiles/microsoft visual folder/wizard/apa and saw the latest OLE DLL 5.1 update. I ran another scan and the same vulnerability came up. What is the fix, or do you know someone who can help me with this problem?
November 14th, 2007 at 11:38 am
If you have replaced all of the OLEAUT32.DLL files on your computer with the updated file and the scanner still flags the file, I would suggest contacting the tech support of the company that makes the scanner.
November 14th, 2007 at 1:07 pm
Hey James, what is the latest version of the oleaut32.dll file for Windows 2000?