IASystemInfo.DLL ActiveX Control Remote Buffer Overflow Vulnerabilities
BID:23071
Info
| Bugtraq ID: | 23071 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2007-0348 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 20 2007 12:00AM |
| Updated: | Feb 01 2008 06:07PM |
| Credit: | Carsten Eiram of Secunia Research discovered these issues. |
| Vulnerable: | Roxio CinePlayer 3.2; InterVideo WinDVD 7; InterActual Technologies InterActual Player 2.60.12.0717 |
| Not Vulnerable: | InterVideo WinDVD 8 |
Discussion
The IASystemInfo.dll ActiveX control of InterActual Player and CinePlayer is prone to buffer-overflow vulnerabilities. This software fails to sufficiently check boundaries of user-supplied input before copying it to an insufficiently sized memory buffer.
InterActual Player version 2.60.12.0717 is vulnerable to these issues; other versions may also be affected.
CinePlayer version 3.2 is vulnerable to these issues; other versions may also be affected.
Exploit / POC
The following exploit code is available as a module for the Metasploit Framework:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- CinePlayer Homepage (Roxio)
- interActual Player (interActual Technologies)
- Roxio Homepage (Roxio)
- Secunia Research: InterActual Player / CinePlayer IASystemInfo.dll ActiveX Contr (Secunia)
- Vulnerability Note VU#922969 InterActual Player SyscheckObject ActiveX controls (US-CERT)