NetSprint Toolbar ActiveX Denial of Service Vulnerability
BID:23530
Info
NetSprint Toolbar ActiveX Denial of Service Vulnerability
| Bugtraq ID: | 23530 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 17 2007 12:00AM |
| Updated: | Apr 24 2007 05:10PM |
| Credit: | Michal Bucko is credited with the discovery of this vulnerability. Michal Zalewski provided additional information. |
| Vulnerable: |
NetSprint NetSprint Toolbar 1.1 |
| Not Vulnerable: | |
Discussion
NetSprint Toolbar ActiveX Denial of Service Vulnerability
NetSprint Toolbar ActiveX control is prone to a denial-of-service vulnerability.
Exploiting this issue allows remote attackers to crash applications that employ the vulnerable controls (typically Microsoft Internet Explorer). Attackers may potentially be able to exploit this issue to execute code, but this has not been confirmed.
NetSprint Toolbar ActiveX Control 1.1 is vulnerable to this issue; other versions may also be vulnerable.
NetSprint Toolbar ActiveX control is prone to a denial-of-service vulnerability.
Exploiting this issue allows remote attackers to crash applications that employ the vulnerable controls (typically Microsoft Internet Explorer). Attackers may potentially be able to exploit this issue to execute code, but this has not been confirmed.
NetSprint Toolbar ActiveX Control 1.1 is vulnerable to this issue; other versions may also be vulnerable.
Exploit / POC
NetSprint Toolbar ActiveX Denial of Service Vulnerability
The following exploit code is available:
The following exploit code is available:
Solution / Fix
NetSprint Toolbar ActiveX Denial of Service Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
NetSprint Toolbar ActiveX Denial of Service Vulnerability
References:
References:
- NetSprint Toolbar Product Page (NetSprint)
- Q240797: How to Stop an ActiveX Control from Running in Internet Explorer (Microsoft)
- Netsprint Toolbar 1.1 arbitrary remote code vulnerability ("Michal Bucko"
) - Re: Netsprint Toolbar 1.1 arbitrary remote code vulnerability (Michal Zalewski
)