LEADTOOLS Multimedia 'Ltmm15.dll' ActiveX Control Stack Buffer Overflow Vulnerability
BID:24035
Info
| Bugtraq ID: | 24035 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2007-2763 |
| Remote: | Yes |
| Local: | No |
| Published: | May 17 2007 12:00AM |
| Updated: | May 07 2015 05:39PM |
| Credit: | shinnai is credited with the discovery of this issue. |
| Vulnerable: | Sienzo Digital Music Mentor 2.6 .4; LeadTools Multimedia 15 |
| Not Vulnerable: | |
Discussion
LEADTOOLS Multimedia is prone to a stack-based buffer-overflow vulnerability because the software fails to adequately check boundaries on data supplied to an ActiveX control method.
An attacker can exploit this issue to execute arbitrary code in the context of a user running the application. Failed attempts will likely result in denial-of-service conditions.
LEADTOOLS Multimedia 15 is vulnerable; other versions may also be affected.
NOTE: The 'Ltmm15.dll' ActiveX control is included in Digital Music Mentor 2.6.0.4. Other applications may also include the ActiveX control.
Exploit / POC
To exploit this issue, an attacker must entice an unsuspecting user to view a malicious webpage.
The following exploit code has been made available:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].