Newtone ImageKit ActiveX Multiple Unspecified Buffer Overflow Vulnerabilities
BID:21375
Info
| Bugtraq ID: | 21375 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2006-3893 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 30 2006 12:00AM |
| Updated: | Dec 01 2006 04:34PM |
| Credit: | Will Dormann is credited with the discovery of these issues. |
| Vulnerable: | Newtone ImageKit 6 Fix 40; Newtone ImageKit 5 Fix 29; Casio Photo Loader 3.00 |
| Not Vulnerable: | Newtone ImageKit 6 Fix 41; Newtone ImageKit 5 Fix 30; Casio Photo Loader 3.01 |
Discussion
ImageKit is prone to multiple unspecified buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on processed input data.
An attacker could leverage these issues to execute arbitrary code with the privileges of the application. Other attacks are possible.
These issues affect:
- CASIO Photo Loader versions prior to 3.01
- Newtone ImageKit 5 prior to Fix 30
- Newtone ImageKit 6 prior to Fix 41
Exploit / POC
To exploit these issues, the attacker must entice a victim user to process a malicious file with the affected application.
Solution / Fix
Solution:
The vendor has released fixes for these issues. Please see the references for information on how to obtain and apply these fixes.
References
References:
- Casio Photo Loader 3.0 Download Page (Casio)
- ImageKit 5 Update Log (Newtone Corporation)
- ImageKit 6 Update Log (Newtone Corporation)
- Vendor Homepage (Newtone Corporation)