GraceNote CDDBControl Multple Parameters ActiveX Control Buffer Overflow Vulnerability
BID:23567
Info
GraceNote CDDBControl Multple Parameters ActiveX Control Buffer Overflow Vulnerability
| Bugtraq ID: | 23567 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-0443 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 19 2007 12:00AM |
| Updated: | Apr 20 2007 06:01PM |
| Credit: | Peter Vreugdenhil is credited with the discovery of these vulnerabilities. |
| Vulnerable: |
GraceNote CDDBControl ActiveX 0 |
| Not Vulnerable: | |
Discussion
GraceNote CDDBControl Multple Parameters ActiveX Control Buffer Overflow Vulnerability
GraceNote CDDBControl ActiveX control is prone to multiple stack-based buffer-overflow vulnerabilities.
An attacker can invoke the object from a malicious web page to trigger the condition. If the vulnerabilities are successfully exploited, the attacker may be able to corrupt process memory and execute arbitrary code within the context of the affected application.
GraceNote CDDBControl ActiveX control is prone to multiple stack-based buffer-overflow vulnerabilities.
An attacker can invoke the object from a malicious web page to trigger the condition. If the vulnerabilities are successfully exploited, the attacker may be able to corrupt process memory and execute arbitrary code within the context of the affected application.
Exploit / POC
GraceNote CDDBControl Multple Parameters ActiveX Control Buffer Overflow Vulnerability
Currently we are not aware of any exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Currently we are not aware of any exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
GraceNote CDDBControl Multple Parameters ActiveX Control Buffer Overflow Vulnerability
Solution:
The vendor released an update to address these issues. Please contact the vendor for information on how to obtain and apply this update.
Solution:
The vendor released an update to address these issues. Please contact the vendor for information on how to obtain and apply this update.
References
GraceNote CDDBControl Multple Parameters ActiveX Control Buffer Overflow Vulnerability
References:
References: