Sienzo Digital Music Mentor DSKernel2.DLL ActiveX Control Stack Buffer Overflow Vulnerabilities
BID:23838
Info
Sienzo Digital Music Mentor DSKernel2.DLL ActiveX Control Stack Buffer Overflow Vulnerabilities
| Bugtraq ID: | 23838 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-2564 |
| Remote: | Yes |
| Local: | No |
| Published: | May 07 2007 12:00AM |
| Updated: | May 07 2015 05:39PM |
| Credit: | shinnai is credited with the discovery of these issues. |
| Vulnerable: |
Sienzo Digital Music Mentor 2.6 .4 |
| Not Vulnerable: | |
Discussion
Sienzo Digital Music Mentor DSKernel2.DLL ActiveX Control Stack Buffer Overflow Vulnerabilities
Sienzo Digital Music Mentor is prone to multiple stack-based buffer-overflow vulnerabilities because the software fails to adequately check boundaries on data supplied to multiple ActiveX control methods.
An attacker can exploit this issue to execute arbitrary code in the context of a user running the application. Failed attempts will likely result in denial-of-service conditions.
Digital Music Mentor 2.6.0.4 is vulnerable; other versions may also be affected.
Sienzo Digital Music Mentor is prone to multiple stack-based buffer-overflow vulnerabilities because the software fails to adequately check boundaries on data supplied to multiple ActiveX control methods.
An attacker can exploit this issue to execute arbitrary code in the context of a user running the application. Failed attempts will likely result in denial-of-service conditions.
Digital Music Mentor 2.6.0.4 is vulnerable; other versions may also be affected.
Exploit / POC
Sienzo Digital Music Mentor DSKernel2.DLL ActiveX Control Stack Buffer Overflow Vulnerabilities
To exploit these issues, an attacker must entice an unsuspecting user to view a malicious webpage.
The following exploit code has been made available:
To exploit these issues, an attacker must entice an unsuspecting user to view a malicious webpage.
The following exploit code has been made available:
Solution / Fix
Sienzo Digital Music Mentor DSKernel2.DLL ActiveX Control Stack Buffer Overflow Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Sienzo Digital Music Mentor DSKernel2.DLL ActiveX Control Stack Buffer Overflow Vulnerabilities
References:
References: