East Wind Software ADVDAUDIO ActiveX Control OpenDVD Buffer Overflow Vulnerability

Bugtraq ID:	23833
Class:	Boundary Condition Error
CVE:	CVE-2007-2576
Remote:	Yes
Local:	No
Published:	May 05 2007 12:00AM
Updated:	May 07 2015 05:39PM
Credit:	shinnai discovered this vulnerability.
Vulnerable:	East Wind Software ADVDAUDIO 2.5.1
Not Vulnerable:

East Wind Software ADVDAUDIO ActiveX Control OpenDVD Buffer Overflow Vulnerability

East Wind Software ADVDAUDIO ActiveX control is prone to a stack-based buffer-overflow vulnerability because the software fails to sufficiently check boundaries on arguments supplied to a method that is exposed by the control.

Attackers could exploit the issue to execute arbitrary code in the context of the currently logged-in user.

East Wind Software ADVDAUDIO ActiveX Control OpenDVD Buffer Overflow Vulnerability

An exploit has been provided.

• /data/vulnerabilities/exploits/east.txt

East Wind Software ADVDAUDIO ActiveX Control OpenDVD Buffer Overflow Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

East Wind Software ADVDAUDIO ActiveX Control OpenDVD Buffer Overflow Vulnerability

References:

• ADVDAUDIO Home (East Wind Software)
  
• MoAxB #05: East Wind Software (advdaudio.ocx v. 1.5.1.1) 'OpenDVD' method Stack (shinnai)
  
• Q240797: How to Stop an ActiveX Control from Running in Internet Explorer (Microsoft)