BankTown ActiveX Control Remote Buffer Overflow Vulnerability
BID:17815
Info
BankTown ActiveX Control Remote Buffer Overflow Vulnerability
| Bugtraq ID: | 17815 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 03 2006 12:00AM |
| Updated: | May 08 2006 09:09PM |
| Credit: | Park, Gyu Tae is credited with the discovery of this issue. |
| Vulnerable: |
BankTown BtCxCtl20Com ActiveX Control 1.5.2 .50209 BankTown BtCxCtl20Com ActiveX Control 1.4.2 .51817 |
| Not Vulnerable: | |
Discussion
BankTown ActiveX Control Remote Buffer Overflow Vulnerability
BankTown ActiveX control is prone to a buffer-overflow vulnerability. The software fails to perform sufficient bounds-checking of user-supplied input before copying it to an insufficiently sized memory buffer.
Invoking the object from a malicious website may trigger the condition. If the vulnerability were successfully exploited, this would corrupt process memory, resulting in arbitrary code execution. Arbitrary code would be executed in the context of the client application.
BankTown ActiveX control is prone to a buffer-overflow vulnerability. The software fails to perform sufficient bounds-checking of user-supplied input before copying it to an insufficiently sized memory buffer.
Invoking the object from a malicious website may trigger the condition. If the vulnerability were successfully exploited, this would corrupt process memory, resulting in arbitrary code execution. Arbitrary code would be executed in the context of the client application.
Exploit / POC
BankTown ActiveX Control Remote Buffer Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
The following proof of concept is available:
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
The following proof of concept is available:
Solution / Fix
BankTown ActiveX Control Remote Buffer Overflow Vulnerability
Solution:
The vendor states that the vulnerable ActiveX control is no longer used. They have also released a patch to address this issue. Users of affected packages should contact the vendor for further information on obtaining and applying the fix.
Solution:
The vendor states that the vulnerable ActiveX control is no longer used. They have also released a patch to address this issue. Users of affected packages should contact the vendor for further information on obtaining and applying the fix.
References
BankTown ActiveX Control Remote Buffer Overflow Vulnerability
References:
References: