BID:23637

InterVideo HomeTheater ActiveX Control Remote Buffer Overflow Vulnerability

Info

InterVideo HomeTheater ActiveX Control Remote Buffer Overflow Vulnerability

Bugtraq ID:	23637
Class:	Boundary Condition Error
CVE:	CVE-2007-2323
Remote:	Yes
Local:	No
Published:	Mar 20 2007 12:00AM
Updated:	Nov 04 2008 02:55AM
Credit:	Parvez Anwar is credited this issue.
Vulnerable:	InterVideo Home Theater 2.5.13.58 InterVideo Home Theater 2.1.13.0

Not Vulnerable:

Discussion

InterVideo HomeTheater ActiveX Control Remote Buffer Overflow Vulnerability

InterVideo HomeTheater is prone to a buffer-overflow vulnerability because it fails to sufficiently check boundaries of user-supplied input before copying it to an insufficiently sized memory buffer.

InterVideo HomeTheater 2.1.13.0 and 2.5.13.58, incorporating WinDVDX.ocx 1.0.0.1, are vulnerable to this issue; other versions may also be affected.

Exploit / POC

InterVideo HomeTheater ActiveX Control Remote Buffer Overflow Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

InterVideo HomeTheater ActiveX Control Remote Buffer Overflow Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References

InterVideo HomeTheater ActiveX Control Remote Buffer Overflow Vulnerability

References:

How to stop an ActiveX control from running in Internet Explorer (Microsoft)
Vendor Homepage (InterVideo)