BrowseDialog ActiveX Control CCRPBDS6.DLL Denial of Service Vulnerability

Bugtraq ID:	22110
Class:	Failure to Handle Exceptional Conditions
CVE:
Remote:	Yes
Local:	No
Published:	Jan 18 2007 12:00AM
Updated:	Jan 18 2007 07:00PM
Credit:	shinnai is credited with the discovery of this vulnerability.
Vulnerable:	Brad Martinez BrowseDialog ActiveX control 0
Not Vulnerable:

BrowseDialog ActiveX Control CCRPBDS6.DLL Denial of Service Vulnerability

The BrowseDialog ActiveX control is prone to a denial-of-service vulnerability.

A remote attacker may exploit this vulnerability by presenting a malicious file to a victim user and enticing them to open it with the vulnerable application.

An attacker can exploit this issue to cause denial-of-service conditions in Internet Explorer or other applications utilizing the vulnerable ActiveX control.

BrowseDialog ActiveX Control CCRPBDS6.DLL Denial of Service Vulnerability

The following exploit is available:

• /data/vulnerabilities/exploits/22110.html

BrowseDialog ActiveX Control CCRPBDS6.DLL Denial of Service Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

BrowseDialog ActiveX Control CCRPBDS6.DLL Denial of Service Vulnerability

References:

• CCRP BrowseDialog Homepage (CCRP Controls)
  
• Microsoft Knowledge Base Article 240797 (Microsoft)