VersalSoft HTTP File Upload ActiveX Control Remote Buffer Overflow Vulnerability
BID:23853
Info
VersalSoft HTTP File Upload ActiveX Control Remote Buffer Overflow Vulnerability
| Bugtraq ID: | 23853 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-2563 |
| Remote: | Yes |
| Local: | No |
| Published: | May 07 2007 12:00AM |
| Updated: | Nov 01 2007 09:16PM |
| Credit: | Discovery of this issue is credited to shinnai. |
| Vulnerable: |
VersalSoft HTTP File Upload 6.36 |
| Not Vulnerable: | |
Discussion
VersalSoft HTTP File Upload ActiveX Control Remote Buffer Overflow Vulnerability
VersalSoft HTTP File Upload is prone to a buffer-overflow vulnerability because it fails to sufficiently bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Successful attacks corrupt process memory, allowing arbitrary code to run in the context of the client application using the affected ActiveX control.
VersalSoft HTTP File Upload 6.36 is vulnerable to this issue; other versions may also be affected.
VersalSoft HTTP File Upload is prone to a buffer-overflow vulnerability because it fails to sufficiently bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Successful attacks corrupt process memory, allowing arbitrary code to run in the context of the client application using the affected ActiveX control.
VersalSoft HTTP File Upload 6.36 is vulnerable to this issue; other versions may also be affected.
Exploit / POC
VersalSoft HTTP File Upload ActiveX Control Remote Buffer Overflow Vulnerability
UPDATE: Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
The following proof-of-concept HTML page demonstrates this issue by triggering crashes.
An additional exploit has been provided.
UPDATE: Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
The following proof-of-concept HTML page demonstrates this issue by triggering crashes.
An additional exploit has been provided.
Solution / Fix
VersalSoft HTTP File Upload ActiveX Control Remote Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
VersalSoft HTTP File Upload ActiveX Control Remote Buffer Overflow Vulnerability
References:
References: